freelance84 Posted June 16, 2011 Share Posted June 16, 2011 I am writing a script in which the user needs to be able to download a file (whatever it may be) from a specified directory on the server. I found the following site: http://www.boutell.com/newfaq/creating/forcedownload.html Where the author gives this for downloading the file... <?php header('Content-disposition: attachment; filename=movie.mpg'); header('Content-type: video/mpeg'); readfile('movie.mpg'); ?> I understand the logic behind the functionality of this, however for the above to be dynamic enough to fit all files... readfile() would need to include the path. Also, the filename in the header contain the appropriate name. Also, the Content-type: would need to be correct according to the file in question... it is here where i'm getting stuck. The version of PHP on the server I am using is 5.2.9 and will not be upgraded for 3 - 6 months. I understand that mime-content-type will return the appropriate information for the Content-type... when i run the mime-content-type i get the following: Fatal error: Call to undefined function mime_content_type() in /home/mysite/public_html/downloader.php on line 45 Before i realised that finfo-file was only available on php 5.3.0 onwards i got the same error message... does this mean that the mime-content-type has been removed by the host? If so is there another way i can retrieve what file type is being downloaded from the server?? PS/ If I am using an inefficient way of retrieving a file without the browser intercepting, please tell me... Quote Link to comment Share on other sites More sharing options...
redixx Posted June 16, 2011 Share Posted June 16, 2011 You must have the mime_magic extension on. Check your php.ini and look in phpinfo(). Quote Link to comment Share on other sites More sharing options...
freelance84 Posted June 16, 2011 Author Share Posted June 16, 2011 I cannot see mime_magic in the phpinfo... The only entry with magic are the 3 magic_quotes The only entry with mime is default_mimetype All of which are in the table PHP CORE Should i be contacting my host? Quote Link to comment Share on other sites More sharing options...
redixx Posted June 16, 2011 Share Posted June 16, 2011 Should i be contacting my host? Do they allow you access to the php.ini? Maybe the extension is just disabled. Otherwise, contact them and if they are a worthy host they will hook you up. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted June 16, 2011 Author Share Posted June 16, 2011 No, i have no access the php.ini. I'll give them a call in the morning. Thanks ps// I've written a script that returns all directories and files from the public_html, and using AJAX I it can change the directory it is looking in... The folders named .. (a topic i learned about via this post) with the script i have written allow me to jump back a step as expected. The unexpected result is on my host: I can go back past the /public_html I can go back past the /mysite In fact i can go all the way back to the start of the drive the folder must be sat on the servers HDD! I can see all the different domains hosted (although i cannot access their folders), I can even see (what look to me) like folders and files i should not be seeing. I cant do this when using fileZilla or the cPanel file manager. Have I exposed (accidentally) a hole in their security? I will mention it to them in the morning when i contact them. But as I am looking at moving onto a dedicated server it would be interesting to know if this is something i might have to look out for... Quote Link to comment Share on other sites More sharing options...
redixx Posted June 16, 2011 Share Posted June 16, 2011 No, i have no access the php.ini. I'll give them a call in the morning. Thanks ps// I've written a script that returns all directories and files from the public_html, and using AJAX I it can change the directory it is looking in... The folders named .. (a topic i learned about via this post) with the script i have written allow me to jump back a step as expected. The unexpected result is on my host: I can go back past the /public_html I can go back past the /mysite In fact i can go all the way back to the start of the drive the folder must be sat on the servers HDD! I cant do this when using fileZilla or the cPanel file manager. Have I exposed (accidentally) a hole in their security? I will mention it to them in the morning when i contact them. But as I am looking at moving onto a dedicated server it would be interesting to know if this is something i might have to look out for... It's basically because the php file has different permissions than your FTP account in FileZilla does. You should only have permission to go the root of your account. Can you only view other files or can you create/modify them too? If so I think that is probably not intended. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted June 16, 2011 Author Share Posted June 16, 2011 The file permissions were originally set to 644 After testing I found the script still ran ok on the following permissions: 744 755 However failed on when group or public permissions were set to write: 766 756 765 The script only reads and displays the contents of directories at the moment. As i cant use the 'mime_magic' extension at the i cannot download any of the files... maybe this is the reason they have decided to disable the mime_magic, as if it were on, then the php file i have written might have direct access the files i can see. I will contact them in the morning. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted June 17, 2011 Author Share Posted June 17, 2011 Well, getting the 'mime_magic' turned on is taking a while. Instead I am going to start with this from the PHP Manual somebody posted: <?php if(!function_exists('mime_content_type')) { function mime_content_type($filename) { $mime_types = array( 'txt' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html', 'php' => 'text/html', 'css' => 'text/css', 'js' => 'application/javascript', 'json' => 'application/json', 'xml' => 'application/xml', 'swf' => 'application/x-shockwave-flash', 'flv' => 'video/x-flv', // images 'png' => 'image/png', 'jpe' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'bmp' => 'image/bmp', 'ico' => 'image/vnd.microsoft.icon', 'tiff' => 'image/tiff', 'tif' => 'image/tiff', 'svg' => 'image/svg+xml', 'svgz' => 'image/svg+xml', // archives 'zip' => 'application/zip', 'rar' => 'application/x-rar-compressed', 'exe' => 'application/x-msdownload', 'msi' => 'application/x-msdownload', 'cab' => 'application/vnd.ms-cab-compressed', // audio/video 'mp3' => 'audio/mpeg', 'qt' => 'video/quicktime', 'mov' => 'video/quicktime', // adobe 'pdf' => 'application/pdf', 'psd' => 'image/vnd.adobe.photoshop', 'ai' => 'application/postscript', 'eps' => 'application/postscript', 'ps' => 'application/postscript', // ms office 'doc' => 'application/msword', 'rtf' => 'application/rtf', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', // open office 'odt' => 'application/vnd.oasis.opendocument.text', 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', ); $ext = strtolower(array_pop(explode('.',$filename))); if (array_key_exists($ext, $mime_types)) { return $mime_types[$ext]; } elseif (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME); $mimetype = finfo_file($finfo, $filename); finfo_close($finfo); return $mimetype; } else { return 'application/octet-stream'; } } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.