RE: [PHP] Download Script
> I am
> wondering if this is my headers that are doing this, but I
> really dont know.
I think its an IE or Windows behavior and what causes it is the multiple
dots in the filename. I resorted to naming our downloads
"filename-v1_0_2_1.exe"
> -Original Message-
> From: Aaron Todd [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 27, 2004 11:35 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Download Script
>
>
> I've created a download script that works quite nicely. The
> only issue with
> it is that when I download a file where the file name is like
> "filename
> v1.0.2.1.exe" there is some extra characters added into the
> name when it is
> downloaded. So that file will be "filename v1[1].0.2.1.exe". I am
> wondering if this is my headers that are doing this, but I
> really dont know.
>
> Here is my code:
> $file = $_GET['file'];
> $path = $_GET['type'];
> $rootpath = "/home/virtual/site341/fst/var/www/downloads/";
> $filename = "$rootpath$path/$file";
> if (file_exists($filename)) {
> header("Content-Description: File Transfer");
> header("Pragma: no-cache");
> header("Content-Type: application/force-download");
> header("Content-Disposition: attachment;
> filename=".basename($filename));
> header("Content-Length: ".filesize($filename));
> $handle = fopen(($filename), "r");
> print(fread($handle, filesize($filename)));
> flush();
> fclose($handle);
> } else {
> header("HTTP/1.0 404 Not Found");
> }
> ?>
> If anyone can let me know what is going on I'd appreciate it.
>
> Thanks,
>
> Aaron
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Download Script
I've created a download script that works quite nicely. The only issue with it is that when I download a file where the file name is like "filename v1.0.2.1.exe" there is some extra characters added into the name when it is downloaded. So that file will be "filename v1[1].0.2.1.exe". I am wondering if this is my headers that are doing this, but I really dont know. Here is my code: If anyone can let me know what is going on I'd appreciate it. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Hi,
Following class may be usefull.
http://www.phpclasses.org/browse/package/699.html
One Advice :: Please check your script in another
browsers too. some Buggy Browser may cause the
problems.
zareef ahmed
--- Aaron Todd <[EMAIL PROTECTED]> wrote:
> I was going to post another follow-up question in a
> pending thread here but
> it seems to have been deleted. Anyway, I am trying
> to write a download
> script that will downloaded files from my site. All
> these files need to be
> protected so just anybody cant come to the site and
> download them. I have
> already created a login environment for this site
> and just need to make my
> file downloads work. Currently they are in a
> directory protected by
> .htaccess.
>
> I was told on the previous thread that I needed to
> place the files that are
> protected by .htaccess ouside of the webroot in
> order for PHP to have rights
> to them. My web root is
> /home/lgxdlr/mainwebsite_html/ I put the secure
> directory called test in /home/lgxdlr/
>
> I am trying to dowload a file using readfile(), but
> PHP still cant seem to
> get to the file. Here is my code:
>
> $file = "/home/lgxdlr/test/".$_GET['file']."";
> if (file_exists(basename($file))) {
> header("Content-Description: File Transfer");
> header("Content-Type:
> application/force-download");
> header("Content-Disposition: attachment;
> filename=".basename($file));
> @readfile($file);
> } else {
> echo "$file";
> echo basename($file);
> echo "No File Found";
> }
> ?>
>
> If anyone can give me a hand with this please post.
>
> Thanks,
>
> Aaron
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
=
Zareef Ahmed :: A PHP Developer in Delhi(India).
Homepage :: http://www.zasaifi.com
__
Do you Yahoo!?
Yahoo! Mail Now with 25x more storage than before!
http://promotions.yahoo.com/new_mail
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] download script
A hacker could modify the URL Mypage.php?file=book.pdf Becomes Mypage.php?file=../htdocs/.htaccess > -Original Message- > From: Aaron Todd [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 11, 2004 11:58 AM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] download script > > Why would this be a security hole if I do not filter the file name before > I > use it? > > Thanks, > > Aaron > > > "Ed Lazor" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > The other guys addressed how to get the script working, but I thought I > > might also mention that you're presenting a potential security hole in > your > > app by not filtering the file name before using it. You'll also want to > use > > the realpath command on the full file name and path. > > > > > -Original Message- > > > $file = "/home/dlr/test/".$_GET['file'].""; > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
"Aaron Todd" [EMAIL PROTECTED]> wrote in message > > $file = "/home/dlr/test/".$_GET['file'].""; > Why would this be a security hole if I do not filter the file > name before I use it? http://www.yourdomain.com/yourfile.php?file=../../path/to/any/file/on/machine ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Why would this be a security hole if I do not filter the file name before I use it? Thanks, Aaron "Ed Lazor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The other guys addressed how to get the script working, but I thought I > might also mention that you're presenting a potential security hole in your > app by not filtering the file name before using it. You'll also want to use > the realpath command on the full file name and path. > > > -Original Message- > > $file = "/home/dlr/test/".$_GET['file'].""; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] download script
The other guys addressed how to get the script working, but I thought I might also mention that you're presenting a potential security hole in your app by not filtering the file name before using it. You'll also want to use the realpath command on the full file name and path. > -Original Message- > $file = "/home/dlr/test/".$_GET['file'].""; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Thanks for your reply,
I am not getting an error at all. I have coded some error traping so if the
files is not found it will tell you instead of displaying an error. As a
test I took all of that out so the script was:
$file = "/home/dlr/test/".$_GET['file'].""
header("Content-Description: File Transfer");
header("Content-Type: application/force-download");
header("Content-Disposition: attachment; filename=".basename($file));
readfile($file);
I also took out the @ as you suggested.
Like that it brings up a download window like it should and then downloads a
file with the correct name, but it is only about 400 bytes and cannot be
read.
Thanks again for your help,
Aaron
"John Nichel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Aaron Todd wrote:
>
> > > $file = "/home/dlr/test/".$_GET['file']."";
> > if (file_exists(basename($file))) {
> > header("Content-Description: File Transfer");
> > header("Content-Type: application/force-download");
> > header("Content-Disposition: attachment; filename=".basename($file));
> > @readfile($file);
> > } else {
> > echo "$file";
> > echo basename($file);
> > echo "No File Found";
> > }
> > ?>
>
> Belay my last post...you're using readfile and not fread.
>
> Okay, what error is the script outputting? You should remove the '@'
> from in front of readfile() so that it will output an error if it's the
> problem.
>
> --
> John C. Nichel
> ÜberGeek
> KegWorks.com
> 716.856.9675
> [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Aaron Todd wrote: "; echo basename($file); echo "No File Found"; } ?> Belay my last post...you're using readfile and not fread. Okay, what error is the script outputting? You should remove the '@' from in front of readfile() so that it will output an error if it's the problem. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Aaron Todd wrote: "; echo basename($file); echo "No File Found"; } ?> Where are you opening the file? -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
On Thursday 12 August 2004 01:06, Aaron Todd wrote:
> I am trying to dowload a file using readfile(), but PHP still cant seem to
> get to the file.
And what exactly does that mean? Any error messages?
> Here is my code:
>
> $file = "/home/lgxdlr/test/".$_GET['file']."";
> if (file_exists(basename($file))) {
Lookup what basename() does to see why using it with file_exists() in this way
is most likely wrong (given what you're trying to do).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Wind velocity increases in direct proportion to how well your hat fits
-- Murphy's Horse Laws n17
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] download script
I was going to post another follow-up question in a pending thread here but it seems to have been deleted. Anyway, I am trying to write a download script that will downloaded files from my site. All these files need to be protected so just anybody cant come to the site and download them. I have already created a login environment for this site and just need to make my file downloads work. Currently they are in a directory protected by .htaccess. I was told on the previous thread that I needed to place the files that are protected by .htaccess ouside of the webroot in order for PHP to have rights to them. My web root is /home/dlr/mainwebsite_html/ I put the secure directory called test in /home/dlr/ I am trying to dowload a file using readfile(), but PHP still cant seem to get to the file. Here is my code: "; echo basename($file); echo "No File Found"; } ?> If anyone can give me a hand with this please post. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] download script
I was going to post another follow-up question in a pending thread here but it seems to have been deleted. Anyway, I am trying to write a download script that will downloaded files from my site. All these files need to be protected so just anybody cant come to the site and download them. I have already created a login environment for this site and just need to make my file downloads work. Currently they are in a directory protected by .htaccess. I was told on the previous thread that I needed to place the files that are protected by .htaccess ouside of the webroot in order for PHP to have rights to them. My web root is /home/lgxdlr/mainwebsite_html/ I put the secure directory called test in /home/lgxdlr/ I am trying to dowload a file using readfile(), but PHP still cant seem to get to the file. Here is my code: "; echo basename($file); echo "No File Found"; } ?> If anyone can give me a hand with this please post. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] download script
Instead, find out exactly what headers it is that Getright sends.
Store the resume point in $resume_bytecount
Then, have your script do something like this:
/** Send the appropriate HTML headers **/
/** Do this instead of the fpassthru **/
$filesize = size($filename);
$fp = fopen('$filename','r');
while ($byte_count < $resume_bytecount)
{
fread($fp,1);
$byte_count = $byte_count + 1;
}
while(!feof($fp))
{
print(read($fp, 8192));
flush();
}
Simple, read the file until resume point
Then, send the file with an 8k blocksize (standard I believe, change as
necessary)
Matt
- Original Message -
From: Timothy Hitchens (HiTCHO) <[EMAIL PROTECTED]>
To: 'Martin' <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, January 21, 2003 10:08 AM
Subject: RE: [PHP] download script
> I have never done a script that supports resume but this is the logic
> you need to follow to work out the protocol behaviour.
>
> - Create a download script as per below start downloading then stop the
> web server.
> - Change the script to e-mail you the headers from the script request.
> - Restart the web server and tell Get Right to resume.
>
> You should now know what it sends and you simply need to read in the
> file to that point
> in the data and start the stream again.
>
> I hope this helps. (Trial and Error)
>
>
> Timothy Hitchens (HiTCHO)
> Open Source Consulting
> e-mail: [EMAIL PROTECTED]
>
> > -Original Message-
> > From: Martin [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, 22 January 2003 12:50 AM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP] download script
> >
> >
> > i need a script that make downloads from files but it must
> > support resuming for getright and download acelerator pro.
> > Thanks... I have this classic download script , but does not
> > support resuming
> >error_reporting(0);
> >header("Last-Modified: " . gmdate("D, d M Y H:i:s T",
> > filemtime($filename)));
> >header("Accept-Ranges: bytes");
> >header("Content-Length: " . filesize($filename));
> >header("Content-Disposition: attachment; filename=" .
> > $download);
> > // header("Content-Type: application/octet-stream");
> >readfile($filename);
> >header("Connection: close");
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] download script
I have never done a script that supports resume but this is the logic
you need to follow to work out the protocol behaviour.
- Create a download script as per below start downloading then stop the
web server.
- Change the script to e-mail you the headers from the script request.
- Restart the web server and tell Get Right to resume.
You should now know what it sends and you simply need to read in the
file to that point
in the data and start the stream again.
I hope this helps. (Trial and Error)
Timothy Hitchens (HiTCHO)
Open Source Consulting
e-mail: [EMAIL PROTECTED]
> -Original Message-
> From: Martin [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 22 January 2003 12:50 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] download script
>
>
> i need a script that make downloads from files but it must
> support resuming for getright and download acelerator pro.
> Thanks... I have this classic download script , but does not
> support resuming
>error_reporting(0);
>header("Last-Modified: " . gmdate("D, d M Y H:i:s T",
> filemtime($filename)));
>header("Accept-Ranges: bytes");
>header("Content-Length: " . filesize($filename));
>header("Content-Disposition: attachment; filename=" .
> $download);
> // header("Content-Type: application/octet-stream");
>readfile($filename);
>header("Connection: close");
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] download script
i need a script that make downloads from files but it must support resuming
for getright and download acelerator pro.
Thanks...
I have this classic download script , but does not support resuming
error_reporting(0);
header("Last-Modified: " . gmdate("D, d M Y H:i:s T",
filemtime($filename)));
header("Accept-Ranges: bytes");
header("Content-Length: " . filesize($filename));
header("Content-Disposition: attachment; filename=" . $download);
// header("Content-Type: application/octet-stream");
readfile($filename);
header("Connection: close");
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Download Script - Newbie Alert
That can be spoofed, though, and not all browsers set it, and will not
stop anyone from just typing in the URL...
http://www.example.com/files/mydoc.doc
---John Holmes...
> -Original Message-
> From: Marek Kilimajer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 3:58 AM
> To: PHP
> Subject: Re: [PHP] Download Script - Newbie Alert
>
> You can also check $HTTP_REFERER, it's much simpler
>
> Marek
>
> Clay Loveless wrote:
>
> >Something else along these lines -- I really, really wish that more
sites
> >that use this method would test across multiple browsers and
platforms.
> >
> >I agree with everything John is saying regarding testing
> access/permissions
> >-- I've used this technique many times myself.
> >
> >However, if a user with Internet Explorer on Mac OS X clicks this
link:
> >
> >www.domain.dom/file.php?id=23
> >
> >They'll wind up with a file on their desktop called "file.php".
> >
> >Not every browser pays close enough attention to the "filename" in
the
> >Content-Disposition header.
> >
> >Solution?
> >
> >www.domain.com/file.php/23/docname.xls
> >
> >I believe this will run file.php, which can then pull in the
$PATH_INFO
> to
> >determine what file is being requested, check session permissions,
etc.,
> can
> >then spit out the right headers as John suggests, AND users will
> definitely
> >wind up with a downloaded file called "docname.xls".
> >
> >If your pages are dynamically generated, you can even do tricks like
this
> to
> >thwart external linking:
> >
> > >$bootLeech = date("U") / 2;
> >echo "
>href=\"http://www.domain.com/file.php/23/$bootLeech/docname.xls";>downlo
ad
> >
> >
> >>";
> >>
> >>
> >?>
> >
> >Then in your file.php script, do the following:
> >- explode $PATH_INFO on "/"
> >- check the $bootLeach array position with the same calculation
...
> >Where you can allow a plus/minus error tolerance of 10 minutes.
> >
> >
> >We use this trick on http://www.imagescentral.com ... Kids frequently
> want
> >to build Geocities sites that leech all our images. Our image file
URLs
> work
> >*just* long enough for them to build their pages, and test that they
look
> >good.
> >
> >30 hours later, all the leeched images are replaced with Images
Central
> >logos. : )
> >
> >Fun!
> >
> >-Clay
> >
> >
> >
> >
> >
> >>From: "John Holmes" <[EMAIL PROTECTED]>
> >>Organization: U.S. Army
> >>Reply-To: <[EMAIL PROTECTED]>
> >>Date: Mon, 3 Jun 2002 20:06:42 -0400
> >>To: "'Philip Hess'" <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
> >>Subject: RE: [PHP] Download Script - Newbie Alert
> >>
> >>Store the files above your web root and use a PHP script to control
> >>access.
> >>
> >>Use header to set the appropriate header for the file,
> >>
> >>header("Content-Type: application/vnd.ms-excel; name='excel'");
> >>header("Content-Disposition: attachment; filename=" . $filename .
> >>".xls");
> >>
> >>then use passthru() to send the contents of the file. Use a path for
> >>passthru that's above the web root.
> >>
> >>The key to this though, is to do some checking with PHP to make sure
the
> >>person is authorized to download the file. Simply doing the above
will
> >>still allow someone to link directly to file.php?id=23 or whatever,
and
> >>get the contents.
> >>
> >>Start a session on another page, the one before the download, and
then
> >>check for the session in this page, before you send the file. If the
> >>session doesn't exist (or a certain variable within it) then don't
send
> >>the file.
> >>
> >>---John Holmes...
> >>
> >>
> >>
> >>>-Original Message-
> >>>From: Philip Hess [mailto:[EMAIL PROTECTED]]
> >>>Sent: Monday, June 03, 2002 6:09 PM
> >>>To: [EMAIL PROTECTED]
> >>>Subject: [PHP] Download Script - Newbie Alert
> >>>
> >>>Hello,
> >>>
> >>>I would like to allow visitors to my site to download documents
> >>>
> >>>
> >>created
> >>
> >>
> >>>with MS office and
Re: [PHP] Download Script - Newbie Alert
You can also check $HTTP_REFERER, it's much simpler
Marek
Clay Loveless wrote:
>Something else along these lines -- I really, really wish that more sites
>that use this method would test across multiple browsers and platforms.
>
>I agree with everything John is saying regarding testing access/permissions
>-- I've used this technique many times myself.
>
>However, if a user with Internet Explorer on Mac OS X clicks this link:
>
>www.domain.dom/file.php?id=23
>
>They'll wind up with a file on their desktop called "file.php".
>
>Not every browser pays close enough attention to the "filename" in the
>Content-Disposition header.
>
>Solution?
>
>www.domain.com/file.php/23/docname.xls
>
>I believe this will run file.php, which can then pull in the $PATH_INFO to
>determine what file is being requested, check session permissions, etc., can
>then spit out the right headers as John suggests, AND users will definitely
>wind up with a downloaded file called "docname.xls".
>
>If your pages are dynamically generated, you can even do tricks like this to
>thwart external linking:
>
>$bootLeech = date("U") / 2;
>echo "href=\"http://www.domain.com/file.php/23/$bootLeech/docname.xls";>download
>
>>";
>>
>>
>?>
>
>Then in your file.php script, do the following:
>- explode $PATH_INFO on "/"
>- check the $bootLeach array position with the same calculation ...
>Where you can allow a plus/minus error tolerance of 10 minutes.
>
>
>We use this trick on http://www.imagescentral.com ... Kids frequently want
>to build Geocities sites that leech all our images. Our image file URLs work
>*just* long enough for them to build their pages, and test that they look
>good.
>
>30 hours later, all the leeched images are replaced with Images Central
>logos. : )
>
>Fun!
>
>-Clay
>
>
>
>
>
>>From: "John Holmes" <[EMAIL PROTECTED]>
>>Organization: U.S. Army
>>Reply-To: <[EMAIL PROTECTED]>
>>Date: Mon, 3 Jun 2002 20:06:42 -0400
>>To: "'Philip Hess'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>>Subject: RE: [PHP] Download Script - Newbie Alert
>>
>>Store the files above your web root and use a PHP script to control
>>access.
>>
>>Use header to set the appropriate header for the file,
>>
>>header("Content-Type: application/vnd.ms-excel; name='excel'");
>>header("Content-Disposition: attachment; filename=" . $filename .
>>".xls");
>>
>>then use passthru() to send the contents of the file. Use a path for
>>passthru that's above the web root.
>>
>>The key to this though, is to do some checking with PHP to make sure the
>>person is authorized to download the file. Simply doing the above will
>>still allow someone to link directly to file.php?id=23 or whatever, and
>>get the contents.
>>
>>Start a session on another page, the one before the download, and then
>>check for the session in this page, before you send the file. If the
>>session doesn't exist (or a certain variable within it) then don't send
>>the file.
>>
>>---John Holmes...
>>
>>
>>
>>>-Original Message-
>>>From: Philip Hess [mailto:[EMAIL PROTECTED]]
>>>Sent: Monday, June 03, 2002 6:09 PM
>>>To: [EMAIL PROTECTED]
>>>Subject: [PHP] Download Script - Newbie Alert
>>>
>>>Hello,
>>>
>>>I would like to allow visitors to my site to download documents
>>>
>>>
>>created
>>
>>
>>>with MS office and .PDF files as well. In order to prevent linking
>>>
>>>
>>from
>>
>>
>>>other sites I'd like to make or modify a script that hides the actual
>>>location of the files.
>>>
>>>A pointer in the right direction would be most appreciated.
>>>
>>>Thanks
>>>---
>>>Philip Hess - Pittsburgh, PA USA - Computer Teacher
>>>E-mail: pjh_at_zoominternet.net
>>>Phil's Place (my web site) http://phil.mav.net/
>>>PA School District Database: http://phil.mav.net/district.hts
>>>---
>>>
>>>
>>>--
>>>PHP General Mailing List (http://www.php.net/)
>>>To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Download Script - Newbie Alert
Something else along these lines -- I really, really wish that more sites
that use this method would test across multiple browsers and platforms.
I agree with everything John is saying regarding testing access/permissions
-- I've used this technique many times myself.
However, if a user with Internet Explorer on Mac OS X clicks this link:
www.domain.dom/file.php?id=23
They'll wind up with a file on their desktop called "file.php".
Not every browser pays close enough attention to the "filename" in the
Content-Disposition header.
Solution?
www.domain.com/file.php/23/docname.xls
I believe this will run file.php, which can then pull in the $PATH_INFO to
determine what file is being requested, check session permissions, etc., can
then spit out the right headers as John suggests, AND users will definitely
wind up with a downloaded file called "docname.xls".
If your pages are dynamically generated, you can even do tricks like this to
thwart external linking:
http://www.domain.com/file.php/23/$bootLeech/docname.xls";>download";
?>
Then in your file.php script, do the following:
- explode $PATH_INFO on "/"
- check the $bootLeach array position with the same calculation ...
Where you can allow a plus/minus error tolerance of 10 minutes.
We use this trick on http://www.imagescentral.com ... Kids frequently want
to build Geocities sites that leech all our images. Our image file URLs work
*just* long enough for them to build their pages, and test that they look
good.
30 hours later, all the leeched images are replaced with Images Central
logos. : )
Fun!
-Clay
> From: "John Holmes" <[EMAIL PROTECTED]>
> Organization: U.S. Army
> Reply-To: <[EMAIL PROTECTED]>
> Date: Mon, 3 Jun 2002 20:06:42 -0400
> To: "'Philip Hess'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: RE: [PHP] Download Script - Newbie Alert
>
> Store the files above your web root and use a PHP script to control
> access.
>
> Use header to set the appropriate header for the file,
>
> header("Content-Type: application/vnd.ms-excel; name='excel'");
> header("Content-Disposition: attachment; filename=" . $filename .
> ".xls");
>
> then use passthru() to send the contents of the file. Use a path for
> passthru that's above the web root.
>
> The key to this though, is to do some checking with PHP to make sure the
> person is authorized to download the file. Simply doing the above will
> still allow someone to link directly to file.php?id=23 or whatever, and
> get the contents.
>
> Start a session on another page, the one before the download, and then
> check for the session in this page, before you send the file. If the
> session doesn't exist (or a certain variable within it) then don't send
> the file.
>
> ---John Holmes...
>
>> -Original Message-
>> From: Philip Hess [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, June 03, 2002 6:09 PM
>> To: [EMAIL PROTECTED]
>> Subject: [PHP] Download Script - Newbie Alert
>>
>> Hello,
>>
>> I would like to allow visitors to my site to download documents
> created
>> with MS office and .PDF files as well. In order to prevent linking
> from
>> other sites I'd like to make or modify a script that hides the actual
>> location of the files.
>>
>> A pointer in the right direction would be most appreciated.
>>
>> Thanks
>> ---
>> Philip Hess - Pittsburgh, PA USA - Computer Teacher
>> E-mail: pjh_at_zoominternet.net
>> Phil's Place (my web site) http://phil.mav.net/
>> PA School District Database: http://phil.mav.net/district.hts
>> ---
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Download Script - Newbie Alert
Store the files above your web root and use a PHP script to control
access.
Use header to set the appropriate header for the file,
header("Content-Type: application/vnd.ms-excel; name='excel'");
header("Content-Disposition: attachment; filename=" . $filename .
".xls");
then use passthru() to send the contents of the file. Use a path for
passthru that's above the web root.
The key to this though, is to do some checking with PHP to make sure the
person is authorized to download the file. Simply doing the above will
still allow someone to link directly to file.php?id=23 or whatever, and
get the contents.
Start a session on another page, the one before the download, and then
check for the session in this page, before you send the file. If the
session doesn't exist (or a certain variable within it) then don't send
the file.
---John Holmes...
> -Original Message-
> From: Philip Hess [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 6:09 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Download Script - Newbie Alert
>
> Hello,
>
> I would like to allow visitors to my site to download documents
created
> with MS office and .PDF files as well. In order to prevent linking
from
> other sites I'd like to make or modify a script that hides the actual
> location of the files.
>
> A pointer in the right direction would be most appreciated.
>
> Thanks
> ---
> Philip Hess - Pittsburgh, PA USA - Computer Teacher
> E-mail: pjh_at_zoominternet.net
> Phil's Place (my web site) http://phil.mav.net/
> PA School District Database: http://phil.mav.net/district.hts
> ---
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Download Script - Newbie Alert
Hello, I would like to allow visitors to my site to download documents created with MS office and .PDF files as well. In order to prevent linking from other sites I'd like to make or modify a script that hides the actual location of the files. A pointer in the right direction would be most appreciated. Thanks --- Philip Hess - Pittsburgh, PA USA - Computer Teacher E-mail: pjh_at_zoominternet.net Phil's Place (my web site) http://phil.mav.net/ PA School District Database: http://phil.mav.net/district.hts --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Download script - sometime works sometime not
> Its works for file .html or.zip or .tar or .tar.gz > But it is not for text file.. > Could you recommend how I download text file ? > What do I have to do in my scripts...? > > I read the manual about HTTP functionsand search through > mailing list > about header functions > but still no clue.. > Thank you... If you send a text file, MSIE will probably view it anyway. Netscape will behave. Alternative? Send a completely madeup mime type, forcing MSIE to go into download mode. Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Download script - sometime works sometime not
Its works for file .html or.zip or .tar or .tar.gz But it is not for text file.. Could you recommend how I download text file ? What do I have to do in my scripts...? I read the manual about HTTP functionsand search through mailing list about header functions but still no clue.. Thank you... - Original Message - From: "speedboy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 07, 2001 3:16 PM Subject: Re: [PHP] Download script - sometime works sometime not > > My problem,...this script works with somefile but sometime it does not ! > > Is the problem related to php.ini or apache configuration ? > > I think you'll find it's a browser problem. I have given up on trying to > do anything like this. It just doesn't work except for very simple > browsers. I tested it on lynx and it's perfect. On IE and Netscape, > Mozilla you get varying results. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] download script
On Wed, 22 Aug 2001 10:19, AD wrote:
> Hi,
>
> I'm working on a download script
>
> header("Content-Type: application/octet-stream\n");
> header("Content-Length: $size\n");
> header("Content-Disposition: attachment; filename=\"$file\"\n");
> header("Content-Description: Download\n");
> readfile($path.$file);
>
header( "Content-Type: application/download" );
if (strstr(getenv('HTTP_USER_AGENT'), 'Netscape6' ))
header( "Content-Disposition: attachment; filename=chopper.exe" );
else
header( "Content-Disposition: filename=chopper.exe" );
$fn=fopen( "chopper.exe" , "r" );
fpassthru( $fn );
This was as close as I ever got. Still doesn't work in Konqueror but is an
acknowledged bug.
Cheers,
Brad
--
Brad Hubbard
Congo Systems
12 Northgate Drive,
Thomastown, Victoria, Australia 3074
Email: [EMAIL PROTECTED]
Ph: +61-3-94645981
Fax: +61-3-94645982
Mob: +61-419107559
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] download script
Hi,
I'm working on a download script
header("Content-Type: application/octet-stream\n");
header("Content-Length: $size\n");
header("Content-Disposition: attachment; filename=\"$file\"\n");
header("Content-Description: Download\n");
readfile($path.$file);
This works, but when the initial file download box pops up it says
downloading file download.php (the name of the script), instead of the
filename. The correct filename does appear in the next save as box. Does
anyone know how to get the filename to show up in the initial file download
box? Or, alternatively, how to bypass the first box alltogether (like it is
done at downloads.com, for example)?
Thanks,
Adam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
