Leaderboard

also, don't use the actual filename in the download link, as this will allow directory traversal, with the current download.php code, to be used to download any file off of the server, such as your database connection credentials. instead, use an id in the link, then in the download.php code, query to find the actual filename, if any, based on the id. it's an error if the submitted id doesn't match a row of data or if there's no defined file for that id.

You don't have a filename for any of those files. Is there supposed to be a filename for all of those files? If so then you need to fix that. If not then you need to change your code so that it doesn't try to show a download button if there is no file to download.