
Help with file download


garethhall


Hey gurus :),

 

I am having trouble getting the file download script to work. I have used this script before and it worked, but now I want it to work with some AJAX sending the query strings. I am positive that I am getting the data to the page! Why isn't the download working?

<?php
include("../includes/conn.php");
include("../includes/shared.php");

// Hotlink guard setting.
//   ''             - no referrer check; direct requests are served.
//   'example.com'  - serve only when the Referer header contains this text.
// NOTE(review): the Referer header is supplied by the client, so this setting
// only deters casual hotlinking; it is not an access control.
const ALLOWED_REFERRER = '';


// Download folder, i.e. folder where you keep all files for download.
// MUST end with slash (i.e. "/" )
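/**
 * Look up the upload folder name (comp.compFolder) for a company ID.
 *
 * The ID is passed through cv() (defined in an include that is not shown here)
 * and then concatenated into the SQL text.
 * NOTE(review): confirm that cv() escapes/quotes or casts the value; the caller
 * passes $_POST['compID'] straight in, so without that the query is injectable.
 * NOTE(review): the mysql_* API used here was removed in PHP 7.
 *
 * @param mixed $id Company ID.
 * @return string|null Folder name, or null when the query fails or no row matches.
 */
function theFolderName($id){
	$sel = "SELECT compFolder FROM comp WHERE compID =".cv($id)." LIMIT 1";
	$rs = mysql_query($sel);
	if ($rs === false) {
		// Query failed: report "no folder" instead of fetching from a non-resource.
		return null;
	}
	$rw = mysql_fetch_assoc($rs);
	// Free the result before returning; the original call sat after the return
	// statement and could never run.
	mysql_free_result($rs);
	return ($rw !== false && isset($rw['compFolder'])) ? $rw['compFolder'] : null;
}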
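// Resolve the per-company download folder, checking the request value first.
// When compID is missing or matches no row, the folder name is empty and
// BASE_DIR would collapse to the shared '../ql_uploads/' root; the recursive
// find_file() search would then reach every company's folder.
$compFolder = (isset($_POST['compID']) && is_string($_POST['compID']) && $_POST['compID'] !== '')
	? theFolderName($_POST['compID'])
	: null;
if (!is_string($compFolder)
	|| $compFolder === ''
	// A '..' segment in the stored folder name would move BASE_DIR out of ql_uploads.
	|| in_array('..', explode('/', str_replace('\\', '/', $compFolder)), true)) {
	die("Please specify file name for download.");
}
define('BASE_DIR','../ql_uploads/'.$compFolder.'/');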

// Download logging switch (true = append one line per download).
const LOG_DOWNLOADS = true;

// Log file name. It is a relative path, so it resolves against the script's
// working directory.
// NOTE(review): if that directory is served by the web server, the log (client
// addresses and file names) can be fetched by anyone - confirm its location.
const LOG_FILE = 'downloads.log';

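/*************** Get all extensions and content types ***************/
// Builds $allowed_ext: extension (text after the last dot of ext.ext) => content
// type (ext.extCon). This array is the allow-list checked before a file is sent.
// If the content type is an empty string the script later tries to detect the
// mime type itself, which only works when the Mimetype or Fileinfo extension
// is installed on the server.
// NOTE(review): keys keep the case stored in the table, while the later lookup
// lowercases the file's extension, so an upper-case entry never matches.
$selE = "SELECT * FROM ext";// extensions from DB
$rsE = mysql_query($selE,$admin);
$allowed_ext = array ();// extension => content type
// A failed query leaves the allow-list empty, so every download is refused.
while($rsE !== false && ($rwE = mysql_fetch_assoc($rsE)) ){
	$dot = strrchr($rwE['ext'],'.');
	// Skip rows with no dot, or nothing after it: they would otherwise add a
	// bogus empty/0 key, which can end up allowing files with no extension.
	if ($dot === false || $dot === '.') {
		continue;
	}
	$allowed_ext[substr($dot,1)] = $rwE['extCon'];// add to the array
}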

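/**
 * Fetch one column of a file's record from the files table.
 *
 * Only fileName and fileOrigName are selected, so $col must be one of those.
 * The ID is passed through cv() (defined in an include that is not shown here)
 * and then concatenated into the SQL text.
 * NOTE(review): confirm that cv() escapes/quotes or casts the value; callers
 * pass $_POST['fileID'] straight in, so without that the query is injectable.
 *
 * @param mixed  $fID File ID.
 * @param string $col Column to return: 'fileName' or 'fileOrigName'.
 * @return string|null Column value, or null when the query fails, no row
 *                     matches, or $col is not one of the selected columns.
 */
function theFile($fID,$col){
	$sel = "SELECT fileName,fileOrigName FROM files WHERE fileID =".cv($fID)." LIMIT 1";
	$rs = mysql_query($sel);
	if ($rs === false) {
		// Query failed: report "no value" instead of fetching from a non-resource.
		return null;
	}
	$rw = mysql_fetch_assoc($rs);
	// Free the result before returning; the original call sat after the return
	// statement and could never run.
	mysql_free_result($rs);
	return ($rw !== false && isset($rw[$col])) ? $rw[$col] : null;
}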


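// Hotlink guard: when ALLOWED_REFERRER is set and the Referer header is absent
// or does not contain it, answer with a generic error message.
// NOTE(review): the Referer header is client-controlled, so this is a
// deterrent only and must not be relied on to protect the files.
if (ALLOWED_REFERRER !== '' && (!isset($_SERVER['HTTP_REFERER']) || stripos($_SERVER['HTTP_REFERER'], ALLOWED_REFERRER) === false)) {
  die("Internal server error. Please contact system administrator.");
}

// Make sure program execution doesn't time out
// Set maximum script execution time in seconds (0 means no limit)
set_time_limit(0);

// Both IDs are required. The original condition ended in
// "empty(fileID) && empty(compID)", which only rejected the request when BOTH
// were empty; each one is checked on its own here. is_string() also rejects
// array-valued parameters (fileID[]=...) before they reach the SQL helpers.
foreach (array('fileID', 'compID') as $required) {
  if (!isset($_POST[$required]) || !is_string($_POST[$required]) || empty($_POST[$required])) {
    die("Please specify file name for download.");
  }
}

// Get real file name.
// basename() drops any directory part stored with the name, so the value
// cannot carry a relative path out of the download folder.
$fname = basename((string) theFile($_POST['fileID'],'fileName'));
if ($fname === '') {
  // No record (or an empty name) for this fileID: there is nothing to look for.
  die("File does not exist. Make sure you specified correct file name.");
}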

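/**
 * Search $dirname and its subfolders for a regular file named $fname.
 *
 * The first match is written to $file_path (as "$dirname/$fname" for the
 * directory it was found in); $file_path is left untouched when nothing is
 * found, when $dirname cannot be read, or when it already holds a result.
 *
 * Fixes over the posted version: the directory handle is closed, an
 * unreadable directory no longer feeds a non-resource to readdir(), an entry
 * named "0" no longer ends the scan early, and a directory that happens to be
 * called $fname is not reported as the file.
 *
 * NOTE(review): is_dir() follows symbolic links, so a linked directory below
 * $dirname is searched as well - confirm the upload tree cannot contain links
 * that point outside it.
 *
 * @param string $dirname   Directory to search.
 * @param string $fname     Bare file name to look for.
 * @param string $file_path Receives the path of the match (by reference).
 * @return void
 */
function find_file ($dirname, $fname, &$file_path) {

  // Nothing to look for, or an outer call already has its answer.
  if (!is_string($fname) || $fname === '' || !empty($file_path)) {
    return;
  }

  if (!is_dir($dirname)) {
    return;
  }
  $dir = opendir($dirname);
  if ($dir === false) {
    return;
  }

  // Compare against false explicitly: a bare assignment in the loop condition
  // stops at the first entry whose name is falsy, such as "0".
  while (false !== ($file = readdir($dir))) {
    if ($file === '.' || $file === '..') {
      continue;
    }
    if (is_dir($dirname.'/'.$file)) {
      find_file($dirname.'/'.$file, $fname, $file_path);
    }
    elseif (is_file($dirname.'/'.$fname)) {
      $file_path = $dirname.'/'.$fname;
    }
    if (!empty($file_path)) {
      break;
    }
  }

  closedir($dir);

} // find_file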

// Locate the stored file below BASE_DIR (subfolders included).
$file_path = '';
find_file(BASE_DIR, $fname, $file_path);

// Extension of the stored name, lowercased: the text after its last dot.
$fext = strtolower(substr(strrchr($fname,"."),1));

// Refuse when the search produced nothing that is a regular file.
if (is_file($file_path) === false) {
  die("File does not exist. Make sure you specified correct file name."); 
}

// Refuse any extension that is not a key of the allow-list.
if (array_key_exists($fext, $allowed_ext) === false) {
  die("Not allowed file type."); 
}

// Size in bytes, sent later as Content-Length.
$fsize = filesize($file_path); 

// Choose the Content-Type: the admin-defined value for this extension when it
// is non-empty, otherwise whatever the server can detect, otherwise a generic
// forced-download type.
$mtype = $allowed_ext[$fext];
if ($mtype == '') {
  $mtype = '';
  if (function_exists('mime_content_type')) {
    $mtype = mime_content_type($file_path);
  } elseif (function_exists('finfo_file')) {
    // Fileinfo fallback when mime_content_type() is not available.
    $finfo = finfo_open(FILEINFO_MIME);
    $mtype = finfo_file($finfo, $file_path);
    finfo_close($finfo);
  }
  // Detection unavailable or unsuccessful.
  $mtype = ($mtype == '') ? "application/force-download" : $mtype;
}

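// Browser will try to save file with this filename, regardless of the stored
// filename. You can override it if needed.
// The value comes from the database (the original upload name) and is placed
// inside a quoted header parameter, so it is cleaned in both branches.
if (!isset($_POST['fileID']) || empty($_POST['fileID'])) {
  $asfname = (string) $fname;
}else{
  $asfname = (string) theFile($_POST['fileID'],'fileOrigName');
}
// Remove quotes, slashes and backslashes, as before ...
$asfname = str_replace(array('"',"'",'\\','/'), '', $asfname);
// ... and control characters too (CR/LF included), so the name can neither
// end the quoted filename nor make header() reject the whole line.
$asfname = preg_replace('/[\x00-\x1F\x7F]/', '', $asfname);
if ($asfname === '' || $asfname === null) $asfname = 'NoName';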
// Response headers for the download, sent in the listed order.
// header() replaces an earlier header of the same name by default, so of the
// two Cache-Control lines only the second ("public") reaches the client.
// NOTE(review): these headers open a save dialog only when the browser itself
// requests this script (link, form submit); a response read by an
// XMLHttpRequest is handed to the calling script instead.
$download_headers = array(
  "Pragma: public",
  "Expires: 0",
  "Cache-Control: must-revalidate, post-check=0, pre-check=0",
  "Cache-Control: public",
  "Content-Description: File Transfer",
  "Content-Type: $mtype",
  "Content-Disposition: attachment; filename=\"$asfname\"",
  "Content-Transfer-Encoding: binary",
  "Content-Length: " . $fsize,
);
foreach ($download_headers as $header_line) {
  header($header_line);
}

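// download
// Stream the file in chunks. The posted listing also called @readfile() ahead
// of this loop, which emits the whole file once before the loop sends it
// again (twice the bytes announced in Content-Length); only the loop is kept.
$file = @fopen($file_path,"rb");
if ($file) {
  while(!feof($file)) {
    // NOTE(review): the posted listing reads "1024*" with the multiplier lost;
    // 8 KiB chunks are assumed here - confirm against the original script.
    $chunk = fread($file, 1024*8);
    if ($chunk === false) {
      // Read error: stop instead of looping on a handle that never reaches EOF.
      break;
    }
    print($chunk);
    flush();

//DB UPDATE HERE
// NOTE(review): code placed at this point runs once per chunk, not once per
// download.

    // Stop reading as soon as the client has gone away.
    if (connection_status() !== CONNECTION_NORMAL) {
      @fclose($file);
      die();
    }
  }
  @fclose($file);
}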

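// log downloads
// One line per download: timestamp, client address, stored file name.
if (LOG_DOWNLOADS) {
  // The file name comes from the database; replace control characters so a
  // name containing a line break cannot forge extra log entries.
  $log_name = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $fname);
  $log_line = date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$log_name."\n";
  // Append under an exclusive lock so concurrent downloads do not interleave
  // their lines. Warnings stay suppressed on purpose: the file body has
  // already been sent, and any output here would be appended to it.
  @file_put_contents(LOG_FILE, $log_line, FILE_APPEND | LOCK_EX);
}

// Release the extension query result whether or not logging is enabled (the
// original exited before this line when logging was off).
if ($rsE) {
  mysql_free_result($rsE);
}
?>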

 
