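<?php
/**
 * Serve one .jpg file from the current working directory as a download.
 *
 * The file name comes from the untrusted `filename` query parameter. It is
 * reduced to the characters [A-Za-z0-9._] before it touches the filesystem or
 * a response header. That whitelist removes path separators, so the request
 * cannot leave the directory, and CR/LF, so it cannot inject headers.
 *
 * NOTE(review): disallowed characters are stripped rather than rejected, so a
 * request can silently resolve to a different name than the one asked for.
 * Kept for backward compatibility; rejecting such names would be stricter.
 */

// A missing or non-string parameter (e.g. ?filename[]=x) is treated as an
// empty name, which fails the extension check below instead of raising
// notices or type errors in the string functions.
$requested = (isset($_GET['filename']) && is_string($_GET['filename']))
    ? $_GET['filename']
    : '';

// Backslashes are rewritten to the literal "NaN" before the whitelist runs
// (original behaviour; the reason is not visible here, presumably so a
// Windows-style path never matches a real file name).
$clean = str_replace("\\", "NaN", $requested);
$clean = preg_replace('/[^A-Za-z0-9._]/', '', $clean);

// The name must end in ".jpg" and have at least one character before the
// extension. preg_replace() returns null on a PCRE error, hence is_string().
$isJpg = is_string($clean)
    && strlen($clean) > 4
    && substr($clean, -4) === '.jpg';

if (!$isJpg) {
    http_response_code(403);
    print "Mime error: You are not allowed to download this type of file";
} elseif (!is_file($clean) || !is_readable($clean)) {
    // Without this check filesize()/readfile() would emit warnings and the
    // client would receive download headers with no usable body.
    http_response_code(404);
    print "File not found";
} else {
    // Large files may take a while to stream.
    ini_set('max_execution_time', '300');

    header("Pragma: public"); // required
    header("Expires: 0");
    header("Cache-Control: private", false); // required for certain browsers
    // image/jpeg is the registered MIME type; "image/jpg" is not.
    header("Content-Type: image/jpeg");
    // Stop browsers from sniffing the body into some other content type.
    header("X-Content-Type-Options: nosniff");
    header("Content-Length: " . filesize($clean));
    // Offer the file as a download. The name is quoted; the whitelist above
    // guarantees it holds no quote, separator or control characters.
    header('Content-Disposition: attachment; filename="' . basename($clean) . '"');
    header("Content-Transfer-Encoding: binary");

    // Drop the output buffer, if one is active, so the file streams straight
    // to the client. ob_end_flush() raises a notice when no buffer exists.
    if (ob_get_level() > 0) {
        ob_end_flush();
    }
    readfile($clean);
}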