A download page?

[Jragon]

How can i create a download page that allows you to download *.php files on your server. Because if you just click on it it sends you to the page but I just want it to download it. Also i want to be able to do that on the .jpeg files.

 

Thanks

 

Jragon

[dragon_sa]

I found this to help you out

create a file called download.php and put this code in it

<?php
$path = $_SERVER['DOCUMENT_ROOT']."/"; // change the path to fit your websites document structure
$fullPath = $path.$_GET['download_file'];

if ($fd = fopen ($fullPath, "r")) {
    $fsize = filesize($fullPath);
    $path_parts = pathinfo($fullPath);
    $ext = strtolower($path_parts["extension"]);
    switch ($ext) {
        case "pdf":
        header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-type: application/php");
        header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
        break;
        default;
        header("Content-type: application/octet-stream");
        header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
    }
    header("Content-length: $fsize");
    header("Cache-control: private"); //use this to open files directly
    while(!feof($fd)) {
        $buffer = fread($fd, 2048);
        echo $buffer;
    }
}
fclose ($fd);
exit;
?>

Be sure to look at the top of the script to make sure the path to your files is correct

 

then on the page you want to download files from ad links like this

<a href="download.php?download_file=file_to_download.php">Download Here</a>

 

[Jragon]

Could you explain how that works plaese.

[the182guy]

There is no need to set the exact content-type, application octet-stream will work.

 

If you're allowing users to download PHP scripts then you must check the file requested is not one of your websites core PHP scripts for example your database credentials script.

 

Have a look at this example from here.

 

<?php
$file = 'monkey.gif';

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}
?>

[dragon_sa]

The first part of the script points to the directory of downloadable files, as long as you only kept the files for download in that directory the core site php files would be safe

[the182guy]

The first part of the script points to the directory of downloadable files, as long as you only kept the files for download in that directory the core site php files would be safe

 

Ok so the path is set to document_root/downloads

 

I could just post:

 

../includes/dbconnect.php

[dragon_sa]

point taken, to check we could use opendir to list the files from the download directory and put them into an array, then check to see if the requested file is in the array, if it is send the file if it isnt send an error message and return