Untitled

<?php
include($_SERVER['DOCUMENT_ROOT']."/connection.php");   // Paste the connection to SQL
$filename = mysqli_real_escape_string($conn,$_GET['file']);
$path = $_SERVER['DOCUMENT_ROOT']."/"; //Path to the file
$fullPath = $path.$filename; //Path to the download file
$ip  =$_SERVER['REMOTE_ADDR'];
$firmware = $_SERVER['HTTP_X_FIRMWARE'];
$device = $_SERVER["HTTP_X_MACHINE"];
$agent = $_SERVER["HTTP_USER_AGENT"];
$filetypes = array("deb"); // Supported file types

if (!in_array(substr($filename, -3), $filetypes)) {
    echo "Incorrect file type.";
    exit;
}

if ($fd = fopen ($fullPath, "r")) {
    //add download stat
    $result = mysqli_query($conn,$sqq);
    $sqq="SELECT COUNT(*) AS countfile FROM download WHERE filename='" . $filename . "'");
    $data = mysqli_fetch_array($result);
    $q = "";
    if ($data['countfile'] > 0) {
    $q = "UPDATE download SET device = '$device', firmware = '$firmware', agent = '$agent', ip = '$ip', dldate = NOW(), stats = stats + 1 WHERE
    filename = '" . $filename . "'";
    } else {
    $q = "INSERT INTO download (filename, dldate, stats, ip, agent, firmware, device) VALUES
    ('" . $filename . "',NOW(), 1, '$ip', '$agent', '$firmware', '$device')";
    }
$statresult = mysqli_query($conn,$q);
//the nearest part leads from the file
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);

header("Content-type: application/octet-stream");
header("Content-Disposition: filename="".$path_parts["basename"].""");
header("Content-length: $fsize");
header("Cache-control: private");              //Open the download file
while(!feof($fd)) {
    $buffer = fread($fd, 2048);
    echo $buffer;
}
}
fclose ($fd);
exit;
?>

// Create connection
$servername = "localhost";
$username = "user";
$password = "pass";
$db = "database";

$conn = mysqli_connect($servername, $username, $password, $db);

// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>