
variable as part of the redirect URL?


peter321


I am implementing a PHP script that, when invoked like "program.php?$id", uses the value of the variable as part of a URL. I used

$theDir="http://xxx.com/files/";
$filename = $theDir.$_GET['id'];

However, it produces an error and apparently $filename is not working. What part is wrong? Please help.


Do you have ?id=X in the URL?

You want it to work like this, right:

URL: http://www.thesite.com/program.php?id=6

$theDir = "http://www.xxx.com/files/";
$filename = $theDir.$_GET['id'];

Final result being http://www.xxx.com/files/6

Yes, that is what I want. If I use

$filename="http://www.xxx.com/files/6.pdf";

directly in the program, the program will find the file, but when I use

program.php?id=6.pdf

$theDir="http://xxx.com/files/";
$filename = $theDir.$_GET['id'];

the file is not found.

I am sorry, it does show the intended URL. However, the part that uses the URL is:

//$theDir="http://www.xxx.com/files/";
//$filename = $theDir.$_GET['id'];

$filename="http://www.xxx.com/files/6.pdf";

header('Cache-Control: maxage=3600'); //Adjust maxage appropriately
header('Pragma: public');

header ("Content-Type: application/pdf");
header ('Content-Disposition: attachment;');
readfile($filename);

This will work. However, if I use the variable part, it would not. There must be something about readfile() that I do not know.

Yes, it did. They are all PDF files.

I am new to PHP and the problem might be that I joined two scripts together. When I tested the download part alone, it worked. But together with the first part (login form), it does not. I list the whole joined scripts here and hope somebody can tell me what is causing the problem.

 

<?
/************************************************************\
*
*
*
\************************************************************/

session_start();

//--------------------------
// user definable variables:
//--------------------------

// maximum number of seconds user can remain idle without having to re-login:
// use a value of zero for no timeout
$max_session_time = 5;

// type of alert to give on incorrect password:

$alert = "./.ht_badlogins";

// acceptable passwords:
$cmp_pass = Array();
$cmp_pass[] = md5("password");

$max_attempts = 0;

// save session expiry time for later comparision
$session_expires = $_SESSION['mpass_session_expires'];

// have to do this otherwise max_attempts is actually one less than what you specify.
$max_attempts++;

if(!empty($_POST['upass']) | !empty($_POST['uname']))
{
// store md5'ed password
$_SESSION['mpass_pass'] = md5($_POST['uname'].$_POST['upass']);
}

if(empty($_SESSION['mpass_attempts']))
{
$_SESSION['mpass_attempts'] = 0;
}

// if the session has expired, or the password is incorrect, show login page:
if(($max_session_time>0 && !empty($session_expires) && mktime()>$session_expires) || empty($_SESSION['mpass_pass']) || !in_array($_SESSION['mpass_pass'],$cmp_pass))
{
if(!empty($alert) && !in_array($_SESSION['mpass_pass'],$cmp_pass))
{
// user has submitted incorrect password
// generate alert:

$_SESSION['mpass_attempts']++;

$alert_str = $_SERVER['REMOTE_ADDR']." entered ".htmlspecialchars($_POST['mpass_pass'])." on page ".$_SERVER['PHP_SELF']." on ".date("l dS of F Y h:i:s A")."\r\n";

if(stristr($alert,"@")!==false)
{
// email alert
@mail($alert,"Bad Login on ".$_SERVER['PHP_SELF'],$alert_str,"From: ".$alert);
} else {
// textfile alert
$handle = @fopen($alert,'a');
if($handle)
{
fwrite($handle,$alert_str);
fclose($handle);
}
}
}
// if hammering protection is enabled, lock user out if they've reached the maximum
if($max_attempts>1 && $_SESSION['mpass_attempts']>=$max_attempts)
{
exit("Too many login failures.");
}

// clear session expiry time
$_SESSION['mpass_session_expires'] = "";

?>

<html>
<head>
<title>Login</title>
</head>

<body>
<p align="center"><b><font color="#0000FF" face="Arial">Please login to view the article</b></span>
<P>
<div align="center">
<p align="center">
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<table>
<TR>
<TD> User ID: </TD>
<TD>  <input type="text" name="uname"></TD>
</TR>
<TR>
<TD>Password: </TD>
<TD><input type="password" name="upass"></TD>
</TR>
<TR>
<TD><input type="submit"  value="login" ></TD>
<TD>
</TD>

</table>
<p align="center"> <INPUT TYPE='BUTTON' VALUE='Close Window' onClick='window.close()'> </P>
</form>
</body>
</html>

<?
// and exit
exit();
}

if they've got this far, they've entered the correct password:
reset attempts
$_SESSION['mpass_attempts'] = 0;

update session expiry time
$_SESSION['mpass_session_expires'] = mktime()+$max_session_time;

// end password protection code
?>

//end of the the login scripts

<?php

$theDir="files/";
$filename = $theDir.$_GET['id'];

// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');

// addition by Jorg Weske
$file_extension = strtolower(substr(strrchr($filename,"."),1));

if( $filename == "" )
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>";
  exit;
} elseif ( ! file_exists( $filename ) )
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>";
  exit;
};
switch( $file_extension )
{
  case "pdf": $ctype="application/pdf"; break;
  case "exe": $ctype="application/octet-stream"; break;
  case "zip": $ctype="application/zip"; break;
  case "doc": $ctype="application/msword"; break;
  case "xls": $ctype="application/vnd.ms-excel"; break;
  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
  case "gif": $ctype="image/gif"; break;
  case "png": $ctype="image/png"; break;
  case "jpeg":
  case "jpg": $ctype="image/jpg"; break;
  default: $ctype="application/force-download";
}
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");
exit();

?>

 

After fixing some of your comments, I analyzed the code in Zend. It looks good. Here's the cleaned-up version:

<?php
/************************************************************\
*
*
*
\************************************************************/


session_start();

//--------------------------
// user definable variables:
//--------------------------

// maximum number of seconds user can remain idle without having to re-login:
// use a value of zero for no timeout
$max_session_time = 5;

// type of alert to give on incorrect password:

$alert = "./.ht_badlogins";

// acceptable passwords:
$cmp_pass = Array();
$cmp_pass[] = md5("password");

$max_attempts = 0;


// save session expiry time for later comparision
$session_expires = $_SESSION['mpass_session_expires'];

// have to do this otherwise max_attempts is actually one less than what you specify.
$max_attempts++;

if(!empty($_POST['upass']) | !empty($_POST['uname']))
{
   // store md5'ed password
   $_SESSION['mpass_pass'] = md5($_POST['uname'].$_POST['upass']);
}

if(empty($_SESSION['mpass_attempts']))
{
   $_SESSION['mpass_attempts'] = 0;
}

// if the session has expired, or the password is incorrect, show login page:
if(($max_session_time>0 && !empty($session_expires) && mktime()>$session_expires) || empty($_SESSION['mpass_pass']) || !in_array($_SESSION['mpass_pass'],$cmp_pass))
{
   if(!empty($alert) && !in_array($_SESSION['mpass_pass'],$cmp_pass))
   {
      // user has submitted incorrect password
      // generate alert:

      $_SESSION['mpass_attempts']++;
      
      $alert_str = $_SERVER['REMOTE_ADDR']." entered ".htmlspecialchars($_POST['mpass_pass'])." on page ".$_SERVER['PHP_SELF']." on ".date("l dS of F Y h:i:s A")."\r\n";
      
      if(stristr($alert,"@")!==false)
      {
         // email alert
         @mail($alert,"Bad Login on ".$_SERVER['PHP_SELF'],$alert_str,"From: ".$alert);
      } else {
         // textfile alert
         $handle = @fopen($alert,'a');
         if($handle)
         {
            fwrite($handle,$alert_str);
            fclose($handle);
         }
      }
   }
   // if hammering protection is enabled, lock user out if they've reached the maximum
   if($max_attempts>1 && $_SESSION['mpass_attempts']>=$max_attempts)
   {
      exit("Too many login failures.");
   }


   // clear session expiry time
   $_SESSION['mpass_session_expires'] = "";

   ?>

<html>
<head>
<title>Login</title>
</head>

<body>
<p align="center"><font color="#0000FF" face="Arial">Please login to view the article</span>
<P>
<div align="center">
<p align="center">
<form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post">
<table>
   <TR>
      <TD> User ID: </TD>
      <TD>  <input type="text" name="uname"></TD>
   </TR>
   <TR>
      <TD>Password: </TD>
      <TD><input type="password" name="upass"></TD>
   </TR>
   <TR>
      <TD><input type="submit"  value="login" ></TD>
      <TD>
      </TD>

</table>
<p align="center">   <INPUT TYPE='BUTTON' VALUE='Close Window' onClick='window.close()'> </P>
</form>
</body>
</html>

<?php
   // and exit
   exit();
}

/*if they've got this far, they've entered the correct password:
reset attempts */
$_SESSION['mpass_attempts'] = 0;

/*update session expiry time*/
$_SESSION['mpass_session_expires'] = mktime()+$max_session_time;

// end password protection code
?>

//end of the the login scripts


<?php


$theDir="files/";
$filename = $theDir.$_GET['id'];

// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');

// addition by Jorg Weske
$file_extension = strtolower(substr(strrchr($filename,"."),1));

if( $filename == "" )
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>";
  exit;
} elseif ( ! file_exists( $filename ) )
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>";
  exit;
};
switch( $file_extension )
{
  case "pdf": $ctype="application/pdf"; break;
  case "exe": $ctype="application/octet-stream"; break;
  case "zip": $ctype="application/zip"; break;
  case "doc": $ctype="application/msword"; break;
  case "xls": $ctype="application/vnd.ms-excel"; break;
  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
  case "gif": $ctype="image/gif"; break;
  case "png": $ctype="image/png"; break;
  case "jpeg":
  case "jpg": $ctype="image/jpg"; break;
  default: $ctype="application/force-download";
}
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");
exit();

?>

Thanks, jonsjava. But the code does not work on my site. If I just use the first part as a login script, it works. If I use the 2nd part as a download script without the password protection, it also works. But why does it not work when I join the two parts??  >:(

I thought I might have found a solution. I keep them as two PHP files: file1.php checks the login,

I use: file1.php?id=6.pdf;

The id is stored as $name=$_GET['id'].  If the login is successful, it redirects via

header('location: http://www.xxx.com/file2.php?name=$name');

The download part file2.php uses the name to locate the file.

However, I encountered some trouble in the header redirect part. Can somebody tell me how to use $name in the header, if it is allowed?
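
An added example, not code from any poster in this thread: it covers two points the scripts above leave open, namely that `$_GET['id']` reaches `file_exists()` and `readfile()` unchecked, and that a separate file2.php can be requested without going through file1.php. The function names and the extension allowlist are assumptions; the session key and URL are the ones used in the posts, and the check assumes file1.php sets `mpass_session_expires` the way the posted login script does.

```php
<?php
// Added example (not from the thread). Function names and the allowlist are
// assumptions; the session key and URL are the ones used in the posts above.

const ALLOWED_TYPES = ['pdf' => 'application/pdf', 'zip' => 'application/zip'];

// file1.php: single quotes do not interpolate $name, so concatenate, and
// percent-encode the value so it stays a single query parameter.
function download_redirect(string $name): string
{
    return 'Location: http://www.xxx.com/file2.php?name=' . rawurlencode($name);
}

// file2.php can be requested directly, so it repeats the login check itself.
function session_is_valid(array $session, int $now): bool
{
    $expires = $session['mpass_session_expires'] ?? '';
    return $expires !== '' && $now <= (int) $expires;
}

// Map a plain file name (no path separators, no leading dot) to a file that
// must resolve inside $baseDir; returns null for anything else.
function resolve_download(string $baseDir, string $name): ?array
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._ -]{0,99}\z/', $name)
        || !array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    // realpath() resolves ".." and symlinks and is false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return ['path' => $path, 'type' => ALLOWED_TYPES[$ext]];
}

// Constructed demo: a temporary directory stands in for files/.
$dir = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/6.pdf", "%PDF-1.4 constructed sample\n");
echo download_redirect('6 a&b.pdf'), "\n";
var_dump(session_is_valid(['mpass_session_expires' => time() + 5], time()));
foreach (['6.pdf', '../6.pdf', 'sub/6.pdf', '6.php'] as $name) {
    echo $name, ' => ', resolve_download($dir, $name)['type'] ?? 'rejected', "\n";
}
unlink("$dir/6.pdf");
rmdir($dir);
```

In file2.php these checks would run before any output, sending a 403 or 404 and exiting when `session_is_valid()` or `resolve_download()` fails, and passing only the returned `path` to `readfile()`.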
