I want to restrict downlaods to:
- files from directory /media
- only download from the same domain

is the underneath code hackerproof to ensure this?

please feedback.

<?php

$fileName = base64_decode($_GET['fileid']);

$dir = "media/";

$file = $dir.$fileName;

//check for dot before looking for extension
$gotDot = strpos($fileName,".");

if($gotDot){
$extension = "";
$i = strlen($fileName);
while (substr($fileName, $i, 1)!= ".") {
$extension = substr($fileName, $i--, 1) . $extension;
}
$extension = strtolower($extension);
}

//check if theres no slash in the filename against hacking
$gotForwardSlash = strpos($fileName,"/");
$gotBackwardSlash = strpos($fileName,"\\");

//check if the page calling this download is from the same domain against hacking
$serverName = $_SERVER['SERVER_NAME'];
$previousUrl = $_SERVER['HTTP_REFERER'];
$sameDomain = strpos($previousUrl,$serverName);

if(!$gotForwardSlash &&!$gotBackwardSlash && $gotDot && $sameDomain == 7){
//force the download
header('Content-Disposition: inline; filename="' . $file . '"');
header('Content-length: "' . filesize($file) . '"');
header('Content-Type: "' . $extension . '"');
header('Content-Disposition: attachment; filename="' . $fileName . '"');
readfile($file);
}else{
echo "file can not be downloaded";
}

?>