peter321 Posted April 17, 2008 Share Posted April 17, 2008 I am implementing a php scripts that, when invoked like "program.php?$id", the value of the variable will be used as part of an URL. I used $theDir="http://xxx.com/files/"; $filename = $theDir.$_GET['id']; However it produces an error and apparently $filename is not working. What part is wrong, please help. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/ Share on other sites More sharing options...
JSHINER Posted April 17, 2008 Share Posted April 17, 2008 Do you have ?id=X in the URL? You want it to work like this right: URL: http://www.thesite.com/program.php?id=6 $theDir = "http://www.xxx.com/files/"; $filename = $theDir.$_GET['id']; Final result being http://www.xxx.com/files/6 Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519507 Share on other sites More sharing options...
peter321 Posted April 17, 2008 Author Share Posted April 17, 2008 Yes, that is what I want. If I use $filename="http://www.xxx.com/files/6.pdf"; directly in the program, the program will find the file, but when I use program.php?id=6.pdf $theDir="http://xxx.com/files/"; $filename = $theDir.$_GET['id']; the file is not found. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519521 Share on other sites More sharing options...
JSHINER Posted April 17, 2008 Share Posted April 17, 2008 Do echo $filename; and see what you get. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519532 Share on other sites More sharing options...
peter321 Posted April 17, 2008 Author Share Posted April 17, 2008 I am sorry it does show the intended URL. However, the part uses the URL is: //$theDir="http://www.xxx.com/files/"; //$filename = $theDir.$_GET['id']; $filename="http://www.xxx.com/files/6.pdf"; header('Cache-Control: maxage=3600'); //Adjust maxage appropriately header('Pragma: public'); header ("Content-Type: application/pdf"); header ('Content-Disposition: attachment;'); readfile($filename); This will work. However, if I use the variable part, it would not. There must be something about the readfile()that I do not know. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519550 Share on other sites More sharing options...
peter321 Posted April 17, 2008 Author Share Posted April 17, 2008 Can somebody explain this? How can I use a variable for different file names. Thanks. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519580 Share on other sites More sharing options...
JSHINER Posted April 17, 2008 Share Posted April 17, 2008 When you use the variable part, does the .pdf show up when you echo $filename? Are they all PDF? Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519599 Share on other sites More sharing options...
peter321 Posted April 17, 2008 Author Share Posted April 17, 2008 Yes, it did. they are all pdf files. I am now to php and the problem might be that I joined two scripts together. When I tested the the download part alone, it worked. But together with the first part (login form), it does not. I list the whole joined scripts here and hope somebody can tell me what is causing the problem. <? /************************************************************\ * * * \************************************************************/ session_start(); //-------------------------- // user definable variables: //-------------------------- // maximum number of seconds user can remain idle without having to re-login: // use a value of zero for no timeout $max_session_time = 5; // type of alert to give on incorrect password: $alert = "./.ht_badlogins"; // acceptable passwords: $cmp_pass = Array(); $cmp_pass[] = md5("password"); $max_attempts = 0; // save session expiry time for later comparision $session_expires = $_SESSION['mpass_session_expires']; // have to do this otherwise max_attempts is actually one less than what you specify. $max_attempts++; if(!empty($_POST['upass']) | !empty($_POST['uname'])) { // store md5'ed password $_SESSION['mpass_pass'] = md5($_POST['uname'].$_POST['upass']); } if(empty($_SESSION['mpass_attempts'])) { $_SESSION['mpass_attempts'] = 0; } // if the session has expired, or the password is incorrect, show login page: if(($max_session_time>0 && !empty($session_expires) && mktime()>$session_expires) || empty($_SESSION['mpass_pass']) || !in_array($_SESSION['mpass_pass'],$cmp_pass)) { if(!empty($alert) && !in_array($_SESSION['mpass_pass'],$cmp_pass)) { // user has submitted incorrect password // generate alert: $_SESSION['mpass_attempts']++; $alert_str = $_SERVER['REMOTE_ADDR']." entered ".htmlspecialchars($_POST['mpass_pass'])." on page ".$_SERVER['PHP_SELF']." on ".date("l dS of F Y h:i:s A")."\r\n"; if(stristr($alert,"@")!==false) { // email alert @mail($alert,"Bad Login on ".$_SERVER['PHP_SELF'],$alert_str,"From: ".$alert); } else { // textfile alert $handle = @fopen($alert,'a'); if($handle) { fwrite($handle,$alert_str); fclose($handle); } } } // if hammering protection is enabled, lock user out if they've reached the maximum if($max_attempts>1 && $_SESSION['mpass_attempts']>=$max_attempts) { exit("Too many login failures."); } // clear session expiry time $_SESSION['mpass_session_expires'] = ""; ?> <html> <head> <title>Login</title> </head> <body> <p align="center"><b><font color="#0000FF" face="Arial">Please login to view the article</b></span> <P> <div align="center"> <p align="center"> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <table> <TR> <TD> User ID: </TD> <TD> <input type="text" name="uname"></TD> </TR> <TR> <TD>Password: </TD> <TD><input type="password" name="upass"></TD> </TR> <TR> <TD><input type="submit" value="login" ></TD> <TD> </TD> </table> <p align="center"> <INPUT TYPE='BUTTON' VALUE='Close Window' onClick='window.close()'> </P> </form> </body> </html> <? // and exit exit(); } if they've got this far, they've entered the correct password: reset attempts $_SESSION['mpass_attempts'] = 0; update session expiry time $_SESSION['mpass_session_expires'] = mktime()+$max_session_time; // end password protection code ?> //end of the the login scripts <?php $theDir="files/"; $filename = $theDir.$_GET['id']; // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); // addition by Jorg Weske $file_extension = strtolower(substr(strrchr($filename,"."),1)); if( $filename == "" ) { echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>"; exit; } elseif ( ! file_exists( $filename ) ) { echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>"; exit; }; switch( $file_extension ) { case "pdf": $ctype="application/pdf"; break; case "exe": $ctype="application/octet-stream"; break; case "zip": $ctype="application/zip"; break; case "doc": $ctype="application/msword"; break; case "xls": $ctype="application/vnd.ms-excel"; break; case "ppt": $ctype="application/vnd.ms-powerpoint"; break; case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpeg": case "jpg": $ctype="image/jpg"; break; default: $ctype="application/force-download"; } header("Pragma: public"); // required header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); // required for certain browsers header("Content-Type: $ctype"); // change, added quotes to allow spaces in filenames, by Rajkumar Singh header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($filename)); readfile("$filename"); exit(); ?> Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519644 Share on other sites More sharing options...
jonsjava Posted April 17, 2008 Share Posted April 17, 2008 after fixing some of your comments, I analyzed the code in zend. it looks good. here's the cleaned up version: <?php /************************************************************\ * * * \************************************************************/ session_start(); //-------------------------- // user definable variables: //-------------------------- // maximum number of seconds user can remain idle without having to re-login: // use a value of zero for no timeout $max_session_time = 5; // type of alert to give on incorrect password: $alert = "./.ht_badlogins"; // acceptable passwords: $cmp_pass = Array(); $cmp_pass[] = md5("password"); $max_attempts = 0; // save session expiry time for later comparision $session_expires = $_SESSION['mpass_session_expires']; // have to do this otherwise max_attempts is actually one less than what you specify. $max_attempts++; if(!empty($_POST['upass']) | !empty($_POST['uname'])) { // store md5'ed password $_SESSION['mpass_pass'] = md5($_POST['uname'].$_POST['upass']); } if(empty($_SESSION['mpass_attempts'])) { $_SESSION['mpass_attempts'] = 0; } // if the session has expired, or the password is incorrect, show login page: if(($max_session_time>0 && !empty($session_expires) && mktime()>$session_expires) || empty($_SESSION['mpass_pass']) || !in_array($_SESSION['mpass_pass'],$cmp_pass)) { if(!empty($alert) && !in_array($_SESSION['mpass_pass'],$cmp_pass)) { // user has submitted incorrect password // generate alert: $_SESSION['mpass_attempts']++; $alert_str = $_SERVER['REMOTE_ADDR']." entered ".htmlspecialchars($_POST['mpass_pass'])." on page ".$_SERVER['PHP_SELF']." on ".date("l dS of F Y h:i:s A")."\r\n"; if(stristr($alert,"@")!==false) { // email alert @mail($alert,"Bad Login on ".$_SERVER['PHP_SELF'],$alert_str,"From: ".$alert); } else { // textfile alert $handle = @fopen($alert,'a'); if($handle) { fwrite($handle,$alert_str); fclose($handle); } } } // if hammering protection is enabled, lock user out if they've reached the maximum if($max_attempts>1 && $_SESSION['mpass_attempts']>=$max_attempts) { exit("Too many login failures."); } // clear session expiry time $_SESSION['mpass_session_expires'] = ""; ?> <html> <head> <title>Login</title> </head> <body> <p align="center"><font color="#0000FF" face="Arial">Please login to view the article</span> <P> <div align="center"> <p align="center"> <form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post"> <table> <TR> <TD> User ID: </TD> <TD> <input type="text" name="uname"></TD> </TR> <TR> <TD>Password: </TD> <TD><input type="password" name="upass"></TD> </TR> <TR> <TD><input type="submit" value="login" ></TD> <TD> </TD> </table> <p align="center"> <INPUT TYPE='BUTTON' VALUE='Close Window' onClick='window.close()'> </P> </form> </body> </html> <?php // and exit exit(); } /*if they've got this far, they've entered the correct password: reset attempts */ $_SESSION['mpass_attempts'] = 0; /*update session expiry time*/ $_SESSION['mpass_session_expires'] = mktime()+$max_session_time; // end password protection code ?> //end of the the login scripts <?php $theDir="files/"; $filename = $theDir.$_GET['id']; // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); // addition by Jorg Weske $file_extension = strtolower(substr(strrchr($filename,"."),1)); if( $filename == "" ) { echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>"; exit; } elseif ( ! file_exists( $filename ) ) { echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>"; exit; }; switch( $file_extension ) { case "pdf": $ctype="application/pdf"; break; case "exe": $ctype="application/octet-stream"; break; case "zip": $ctype="application/zip"; break; case "doc": $ctype="application/msword"; break; case "xls": $ctype="application/vnd.ms-excel"; break; case "ppt": $ctype="application/vnd.ms-powerpoint"; break; case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpeg": case "jpg": $ctype="image/jpg"; break; default: $ctype="application/force-download"; } header("Pragma: public"); // required header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); // required for certain browsers header("Content-Type: $ctype"); // change, added quotes to allow spaces in filenames, by Rajkumar Singh header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($filename)); readfile("$filename"); exit(); ?> Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519649 Share on other sites More sharing options...
peter321 Posted April 17, 2008 Author Share Posted April 17, 2008 Thanks, jonsjava. But the code does not work on my site. If I just us the first part as a login script, it works. If I use the 2nd part as a download script without the password protection, it also works. But why it does not work when I join the two parts?? Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519667 Share on other sites More sharing options...
jonsjava Posted April 17, 2008 Share Posted April 17, 2008 ??? I just cleaned it up for someone else to parse through easier. I didn't do any fixes except for a few small things. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519669 Share on other sites More sharing options...
peter321 Posted April 17, 2008 Author Share Posted April 17, 2008 I thought I might have found a solution. I keep them as two php file: file1.php check the login, I use: file1.php?id=6.pdf; The id is stored is $name=$_GET['id]. if the login is successful, it redirect via header('location: http://www.xxx.com/file2.php?name=$name'); The download part file2.php use the name to locate the file. However, I encountered some trouble in the header redirect part. Can somebody tell me how to use $name in the header if it is allowed. Link to comment https://forums.phpfreaks.com/topic/101567-variable-as-part-of-the-redirect-url/#findComment-519770 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.