compudds Posted December 29, 2008 Share Posted December 29, 2008 I'm trying to allow clients to download a file and then it sends me an email telling me a file has been downloaded. The directory is /downloads/$_POST['Password'] . The password I will provide and will change for each client and thus point to a different directory. My code below works fine if I plug in the directory information ($downloads = "downloads/directory name") but if I use it as $downloads = "downloads/$password1" the directory gets lost. Can anyone help? The form that posts to this script has "Email", "Password" and a captcha "security_code" fields. <?php $email = $_POST['Email']; $password1 = $_POST['Password']; $myemail = "[email protected]"; $message = "XYZ, Inc. (email: [email protected] web: www.xyz.com)"; $safeFilename = '/^\w+\.\w+$/'; $filename = $_GET['filename']; $downloads = "downloads/$password1"; if ($filename == '') { menu(); } else { download(); } function menu() { global $safeFilename, $downloads, $email, $myemail, $message; $uri = $_SERVER['SCRIPT_URL']; ?> <?php $security_code1 = $_POST['security_code'] ; function check_email_address($email) { if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%& ?'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])| ?([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } session_start(); if (check_email_address($email) !== false) { if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) { $dir = opendir($downloads); if (!$dir) { die("Password error, please re-enter your password. <a href='/downloads.html'> <u>Back</u></a>") ; } } else { // Insert your code for showing an error message here die("Invalid security code, please try again. <a href='/downloads.html'> <u>Back</u></a>") ; } } else { die("Invalid Email Address, please try again. <a href='/downloads.html'> <u>Back</u></a>") ; } ?> <html> <head> <title>Download Menu</title> </head> <body> <center> <form method="GET" action="<?php echo $uri?>"> <select name="filename"> <?php $dir = opendir($downloads); if (!$dir) { die("Bad downloads setting"); } while (($file = readdir($dir)) !== false) { // List only files with a safe filename if (preg_match($safeFilename, $file)) { ?> <option value="<?php echo $file?>"><?php echo $file?></option> <?php } } closedir($dir); ?> </select> <br><br><br> <input type="submit" name="download" value="Download Selected File"><br><br> <a href='/downloads.html'><u>Back to xyz, Inc.</u></a> </form> </center> </body> </html> <?php } function download() { global $filename, $safeFilename, $dir, $downloads, $email, $myemail, $message; if (!preg_match($safeFilename, $filename)) { error("Bad filename, trying to locate '/$downloads/$filename'"); die("Please try again. <a href='/downloads.html'> <u>Back</u></a>") ; } // Now make sure the file actually exists //if (!file_exists("$downloads/$filename")) { // error("File does not exist, trying to locate '/$downloads/$filename'"); // die("Please try again. // <a href='/downloads.html'> <u>Back</u></a>") ; //} header("Content-disposition: attachment; filename=$filename"); header("Content-type: text/html"); readfile("$downloads/$filename"); mail($myemail, "A File Has Been Downloaded From: /$downloads/$filename","From Email Address: $email", $message); exit(0); } function error($message) { ?> <html> <head> <title><?php echo $message?></title> </head> <body> <h1><?php echo $message?></h1> </body> </html> <?php } ?> Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/ Share on other sites More sharing options...
.josh Posted December 29, 2008 Share Posted December 29, 2008 try $password1 = trim($_POST['Password']); Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725618 Share on other sites More sharing options...
compudds Posted December 29, 2008 Author Share Posted December 29, 2008 Sorry, it didn't work. Now, it is not even finding the directory. Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725620 Share on other sites More sharing options...
.josh Posted December 29, 2008 Share Posted December 29, 2008 I thought you said it was doing that in the first place? Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725621 Share on other sites More sharing options...
.josh Posted December 29, 2008 Share Posted December 29, 2008 If this works: $password1 = $_POST['Password']; $downloads = "downloads/something"; but this doesn't: $password1 = $_POST['Password']; $downloads = "downloads/$password1"; then $_POST['Password'] is at fault. Either you used the wrong var name (capitalized the same? typo in spelling in your form?) or else there could be white space or even a \n thrown in there. trim will take care of the whiespace and/or \n. Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725624 Share on other sites More sharing options...
compudds Posted December 29, 2008 Author Share Posted December 29, 2008 It works if I put in the directory as $downloads = "downloads/SubDirectoryName"; but if I replace the actual name with the Password1 variable ($password1 = $_POST['Password']) and the $downloads = "downloads/$password1" the directory information gets lost in the function download(). Sorry for the confusion, I hope that clears it up. Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725627 Share on other sites More sharing options...
.josh Posted December 29, 2008 Share Posted December 29, 2008 right. That's what I thought you said in the first place. So you tried $password1 = trim($_POST['Password']); $downloads = "downloads/$password1"; and it still doesn't work? post your form. Or actually, is your form that takes in the password on some previous page? It looks to me that overall, you're getting password from a form on a previous page, and then going to this page to get more info, and then reloading this page, right? Well the posted info from the first page becomes lost after that. You're going to have to pass $password1 as a hidden field in the form on this page, or else put it into a session variable, so that it persists. Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725654 Share on other sites More sharing options...
compudds Posted December 29, 2008 Author Share Posted December 29, 2008 Yes, it is taking the password info from another page. I have tried the session variable as well and it was still getting lost. Additionally, I have tried adding a new variable $password2 = $password1 but that didn't work either. Quote Link to comment https://forums.phpfreaks.com/topic/138776-solved-trying-to-allow-clients-to-download-a-file-with-a-password-i-provide/#findComment-725663 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.