diff --git a/sendalo.html.tpl b/sendalo.html.tpl
index d983a29..c9f8979 100644
--- a/sendalo.html.tpl
+++ b/sendalo.html.tpl
@@ -112,10 +112,10 @@
                 
                 var pb = document.getElementById('playbutton');
                 pb.value = 'Please wait...';
-                pb.enabled = false;
-                document.getElementById('url').enabled = false;
-                document.getElementById('upload').enabled = false;
-                document.getElementById('format').enabled = false;
+                pb.disabled = true;
+                document.getElementById('url').disabled = true;
+                document.getElementById('upload').disabled = true;
+                document.getElementById('format').disabled = true;
             }
 
             function downloadComplete(what) {
@@ -148,10 +148,10 @@
 
                 var pb = document.getElementById('playbutton');
                 pb.value = 'Play!';
-                pb.enabled = false;
-                document.getElementById('url').enabled = true;
-                document.getElementById('upload').enabled = true;
-                document.getElementById('format').enabled = true;
+                pb.disabled = false;
+                document.getElementById('url').disabled = false;
+                document.getElementById('upload').disabled = false;
+                document.getElementById('format').disabled = false;
             }
             
             function resetFile() {
@@ -174,7 +174,7 @@
         </header>
 
         <main>
-            <form>
+            <form onsubmit="return false;">
                 <input type="text" onkeypress="resetFile()" placeholder="https://..." id="url"/><br/>
                 <div id="fc"><input type="file" onchange="resetURL()" id="upload" /></div><br/>
                 <input id="format" type="checkbox"><label for="format"><small>Format disk?</small></label><br/><br/>
diff --git a/sendalo.php.tpl b/sendalo.php.tpl
index 327f9e5..d70e3f1 100644
--- a/sendalo.php.tpl
+++ b/sendalo.php.tpl
@@ -1,10 +1,34 @@
 <?php
+    $alldata = "";
+    function curl_callback($handle, $data) {
+        global $alldata;
+        $alldata .= $data;
+        if (strlen($alldata) > 150000) {
+            die();
+        }
+    
+        else return strlen($data);
+    } 
+
 	if (isset($_REQUEST["url"])) {
         $url = $_REQUEST["url"];
         
+        if (
+            substr($url, 0, strlen('http://')) !== 'http://'
+            && substr($url, 0, strlen('https://')) !== 'https://'
+        ) die();
+        
+        $ch = curl_init($url);
+        $headers = array('X-Forwarded-For: ' . $_SERVER['REMOTE_ADDR']);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 2);
+        curl_setopt ($ch, CURLOPT_WRITEFUNCTION, 'curl_callback');
+        
+        curl_exec($ch);
+        
         header('Content-type: application/octet-stream');
-        $data = file_get_contents($url, $maxlen=150000);
-        file_put_contents("php://output", $data);
+        file_put_contents("php://output", $alldata);
         
 		die();
 	}