+backup directory check, -closing PHP tag.

I added a backup directory check (as of now, you can download fake backups).

I also removed the closing PHP tag that isn't needed.

web/download/backup/index.php

@@ -5,6 +5,11 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 $backup = $_GET['backup'];
 
+// Check if the backup exists
+if (!file_exists($backup)) {
+    exit(0);
+}
+
 // Data
 if ($_SESSION['user'] == 'admin') {
     header('Content-type: application/gzip');
@@ -19,5 +24,3 @@ if ((!empty($_SESSION['user'])) && ($_SESSION['user'] != 'admin')) {
         header("X-Accel-Redirect: /backup/" . $backup);
     }
 }
-
-?>