File to be downloaded is passed to the script as part of the query string: $qs{filename} my $docspath = "/home/acctname/public_html/userdata/user_" . $customer{myid} . '/dlfiles'; if(-d "$docspath") { opendir(READ, "$docspath"); my @files = readdir(READ); closedir(READ); my %relative_mimetype = ( 'gif' => 'image/gif', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'png' => 'image/png', 'bmp' => 'image/bmp', 'doc' => 'application/msword', 'docx' => 'application/x-msword', 'pps' => 'application/mspowerpoint', 'ppt' => 'application/powerpoint', 'pdf' => 'application/pdf', 'txt' => 'text/plain' ); for my $dlfile (@files) { unless($dlfile =~ /^(\.|\..)$/) { if($dlfile =~ /^ **regex to test file name to make sure they are downloading what they are allowed do** /) { my @nameparts = split(/\_/, $dlfile); my $marker = shift @nameparts; my $dl_name = join('_', @nameparts); my ($filename, $ext) = split(/\./, $dl_name); if($dl_name eq $qs{filename}) { my @extension = split(/\./, $nameparts[$#nameparts]); my $mimetype = $relative_mimetype{ lc($extension[$#extension]) }; $mimetype ||= "application/octet-stream"; print "Pragma: no-cache\nContent-Type: $mimetype\nContent-Disposition: attachment; filename=$dl_name;\n\n"; if(open(FILE, "<$docspath/$dlfile")) { if(-B "<$docspath/$dlfile") { binmode(STDOUT); } while() { print $_; } close FILE; exit; } else { print "Pragma: no-cache\nContent-type: text/html\n\Unable to open file. Please contact the Site Adminsitrator. (ErrNo.3)\n\n"; } } } } } }