LinkBack URL
About LinkBacksOkay, in my website you can download things...
But to save work i want to have a single page for all downloads...
like this::
example.com/download.php?d=../../files/sambamusic.exe
or:
example.com/download.php?d=sambamusic
regards
x10 Sophmore
Okay, in my website you can download things...
But to save work i want to have a single page for all downloads...
like this::
example.com/download.php?d=../../files/sambamusic.exe
or:
example.com/download.php?d=sambamusic
regards
LOOK RIGHT
LOOK DOWNQuestions you never knew you wanted answered - http://Wonderabout.info
[New site!] Collection of fun computer pranks! - http://thefakevirus.com
Former Senior Account Rep
Hello,
I wrote this real quick, untested, but give it a shot it's a step in the correct direction.
PHP Code:<?php
// brandon long
// brandon@x10hosting.com
// example: ?id=filename
// get the query string
if (!$_GET['id'])
// die off, could be an error page tooo
die("Need to specifiy a file.");
// set the diretory to were the files are located
$dirOfFiles = ''; // for this example, we will say it's /home/brandon/downloads
// Set the below variable to the ext.
$fileEndExt = '.exe';
// below it will set the full path
$pathToFile = $dirOfFiles . $_GET['id'] . $fileEndExt;
// lets open the file
if ($fileOpenType = fopen($pathToFile, 'r')) {
//get the file size
$fileSizeInfo = filesize($pathToFile);
// setup some variables to exit
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"". $_GET['id'] . $fileEndExt ."\"");
header("Content-length: $fileSizeInfo");
// this outputs the file via the script
while(!feof($fileOpenType)) {
echo fread($fd, 2048);
}
fclose($fileOpenType);
} else {
// file ain't there yo, die off
die('No file named ' . $_GET['id'] . $fileEndExt . ' exists on the server.');
}
?>
Last edited by Brandon; 09-16-2010 at 05:43 PM.
Thanks,
Brandon Long
x10 Spammer
Make sure you're not violating the Terms of Service by using your site for file storage.
Better close that security hole with the likes of realpath and a path prefix check.
Lastly, make sure you use the rewrite engine to hide the download script, since it isn't part of the identity of the resource.PHP Code:...
$pathToFile = realpath($dirOfFiles . $_GET['id'] . $fileEndExt);
if (substr_compare($pathToFile, $dirOfFiles, 0, strlen($dirOfFiles)) != 0) {
// attack; file isn't in file storage hierarchy. Return a 404 response
header('HTTP/1.0 404 Not Found');
include('errordoc/404.php'); // or wherever your custom 404 page is
} else {
// file is in download folder; safe to send
...
}
Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.Misson, not Mission.
x10 Sophmore
Well, it did not work.
I put the script in to this file: example.com/download.php and download folder to:http://example.com/files/
I tried to download a file called kamp.exe stored in the files folder. example.com/download.php?kamp
but the die message just showed up! die("Need to specifiy a file.");
Last edited by gaptrast; 09-17-2010 at 01:25 AM.
LOOK RIGHT
LOOK DOWNQuestions you never knew you wanted answered - http://Wonderabout.info
[New site!] Collection of fun computer pranks! - http://thefakevirus.com
Former Senior Account Rep
it would be example.com/download.php?id=kamp
Thanks,
Brandon Long
x10 Sophmore
ERRORS::
Warning: filesize() [function.filesize]: stat failed for http://www.thefakevirus.com/pranks/avoid.exe in /home/gaptrast/public_html/download.php on line 27
Warning: Cannot modify header information - headers already sent by (output started at /home/gaptrast/public_html/download.php:27) in /home/gaptrast/public_html/download.php on line 30
Warning: Cannot modify header information - headers already sent by (output started at /home/gaptrast/public_html/download.php:27) in /home/gaptrast/public_html/download.php on line 31
Warning: Cannot modify header information - headers already sent by (output started at /home/gaptrast/public_html/download.php:27) in /home/gaptrast/public_html/download.php on line 32
one million of theese::
Warning: fread(): supplied argument is not a valid stream resource in /home/gaptrast/public_html/download.php on line 36
Last edited by gaptrast; 09-17-2010 at 01:58 AM.
LOOK RIGHT
LOOK DOWNQuestions you never knew you wanted answered - http://Wonderabout.info
[New site!] Collection of fun computer pranks! - http://thefakevirus.com
x10 Spammer
If something doesn't work the way you think, look into how it works. Filesystem functions (including the stat family) don't work with files retrieved via HTTP (or, indeed, many wrappers). Wrappers have to be based on the capabilities of the underlying transport mechanism. HTTP is a fairly simple protocol and doesn't support many filesystem concepts, such as permissions, ownership, ACLs, creation time and access time (user agents & proxies keep track of his). In any case, you shouldn't access local files via the network. It's an unnecessary waste of resources.
What is the purpose of the download script? What functionality are you missing by linking to the files directly?
Last edited by misson; 09-17-2010 at 03:07 AM.
Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.Misson, not Mission.
x10 Sophmore
It worked when I did only write files/ instead of http://example.com/files/
But I do not want the download to start immidiately, but have a download page saying Download will start shortly. I can put advertisments there...
like this Example from sourceforge.net
LOOK RIGHT
LOOK DOWNQuestions you never knew you wanted answered - http://Wonderabout.info
[New site!] Collection of fun computer pranks! - http://thefakevirus.com
x10 Spammer
In that case, you don't need a script to read & output the file, you just need to redirect to the file. You can load the file in an iframe to download it, or use JS (or both, with the iframe in a <noscript> tag in case JS is disabled or unsupported). You should avoid a meta refresh, as it's been deprecated for various reasons.
Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.Misson, not Mission.
Posting Permissions
Reply With Quote