file download


droidus

  • 2 weeks later...

1)

<?php
error_reporting(E_ALL);
###############################################################
# File Download 1.31
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
###############################################################
# Sample call:
#    download.php?f=phptutorial.zip
#
# Sample call (browser will try to save with new file name):
#    download.php?f=phptutorial.zip&fc=php123tutorial.zip
###############################################################

// Allow direct file download (hotlinking)?
// Empty - allow hotlinking
// If set to nonempty value (Example: example.com) will only allow downloads when referrer contains this text
define('ALLOWED_REFERRER', '');

// Download folder, i.e. folder where you keep all files for download.
// MUST end with slash (i.e. "/" )
define('BASE_DIR','/users/uname/uploads/');

// log downloads?  true/false
define('LOG_DOWNLOADS',true);

// log file name
define('LOG_FILE','downloads.log');

// Allowed extensions list in format 'extension' => 'mime type'
// If mime type is set to empty string then script will try to detect mime type
// itself, which would only work if you have Mimetype or Fileinfo extensions
// installed on server.
$allowed_ext = array (

  // archives
  'zip' => 'application/zip',

  // documents
  'pdf' => 'application/pdf',
  'doc' => 'application/msword',
  'xls' => 'application/vnd.ms-excel',
  'ppt' => 'application/vnd.ms-powerpoint',

  // executables
  'exe' => 'application/octet-stream',

  // images
  'gif' => 'image/gif',
  'png' => 'image/png',
  'jpg' => 'image/jpeg',
  'jpeg' => 'image/jpeg',

  // audio
  'mp3' => 'audio/mpeg',
  'wav' => 'audio/x-wav',

  // video
  'mpeg' => 'video/mpeg',
  'mpg' => 'video/mpeg',
  'mpe' => 'video/mpeg',
  'mov' => 'video/quicktime',
  'avi' => 'video/x-msvideo'
);



####################################################################
###  DO NOT CHANGE BELOW
####################################################################

// If hotlinking not allowed then make hackers think there are some server problems
if (ALLOWED_REFERRER !== ''
&& (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false)
) {
  die("Internal server error. Please contact system administrator.");
}

// Make sure program execution doesn't time out
// Set maximum script execution time in seconds (0 means no limit)
set_time_limit(0);

if (!isset($_GET['f']) || empty($_GET['f'])) {
  die("Please specify file name for download.");
}

// Nullbyte hack fix
if (strpos($_GET['f'], "\0") !== FALSE) die('');

// Get real file name.
// Remove any path info to avoid hacking by adding relative path, etc.
$fname = basename($_GET['f']);

// Check if the file exists
// Check in subfolders too
function find_file ($dirname, $fname, &$file_path) {
  $dir = opendir("http://www.mysite.com/uploader/users/uname/uploads/iamge.png");

  while ($file = readdir($dir)) {
    if (empty($file_path) && $file != '.' && $file != '..') {
      if (is_dir($dirname.'/'.$file)) {
        find_file($dirname.'/'.$file, $fname, $file_path);
      }
      else {
        if (file_exists($dirname.'/'.$fname)) {
          $file_path = $dirname.'/'.$fname;
          return;
        }
      }
    }
  }

} // find_file

// get full file path (including subfolders)
$file_path = '';
find_file(BASE_DIR, $fname, $file_path);



// file size in bytes
$fsize = filesize($file_path);

// file extension
$fext = strtolower(substr(strrchr($fname,"."),1));

// check if allowed extension
if (!array_key_exists($fext, $allowed_ext)) {
  die("Not allowed file type.");
}

// get mime type
if ($allowed_ext[$fext] == '') {
  $mtype = '';
  // mime type is not set, get from server settings
  if (function_exists('mime_content_type')) {
    $mtype = mime_content_type($file_path);
  }
  else if (function_exists('finfo_file')) {
    $finfo = finfo_open(FILEINFO_MIME); // return mime type
    $mtype = finfo_file($finfo, $file_path);
    finfo_close($finfo);
  }
  if ($mtype == '') {
    $mtype = "application/force-download";
  }
}
else {
  // get mime type defined by admin
  $mtype = $allowed_ext[$fext];
}

// Browser will try to save file with this filename, regardless original filename.
// You can override it if needed.

if (!isset($_GET['fc']) || empty($_GET['fc'])) {
  $asfname = $fname;
}
else {
  // remove some bad chars
  $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
  if ($asfname === '') $asfname = 'NoName';
}

// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);

// download
// @readfile($file_path);
$file = @fopen($dir,"rb");
if ($file) {
  while(!feof($file)) {
    print(fread($file, 1024*8));
    flush();
    if (connection_status()!=0) {
      @fclose($file);
      die();
    }
  }
  @fclose($file);
}

// log downloads
if (!LOG_DOWNLOADS) die();

$f = @fopen(LOG_FILE, 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname."\n");
  @fclose($f);
}

?>

2)

3) errors:

Warning: opendir(users/uname/uploads/iamge.png) [function.opendir]: failed to open dir: Not a directory in /homepages/45/d222365928/htdocs/uploader/download.php on line 98

 

Warning: readdir(): supplied argument is not a valid Directory resource in /homepages/45/d222365928/htdocs/uploader/download.php on line 100

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/d222365928/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 167

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/d222365928/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 168

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/d222365928/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 169

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/d222365928/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 170

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/d222365928/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 171

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/45/d222365928/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 172

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/htdocs/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 173

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/htdocs/uploader/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 174

 

Warning: Cannot modify header information - headers already sent by (output started at /homepages/htdocs/uploader/uploader/download.php:98) in /homepages/45/d222365928/htdocs/uploader/download.php on line 175

Notice: Undefined variable: dir in /homepages/45/d222365928/htdocs/uploader/download.php on line 179

4) I remove all of the @'s, such as in: "@fclose($file);"? What are they used for?

Link to comment
https://forums.phpfreaks.com/topic/241429-file-download/#findComment-1245627

Warning: opendir(users/uname/uploads/iamge.png) [function.opendir]: failed to open dir: Not a directory in /homepages/45/d222365928/htdocs/uploader/download.php on line 98

Warning: readdir(): supplied argument is not a valid Directory resource in /homepages/45/d222365928/htdocs/uploader/download.php on line 100

Notice: Undefined variable: dir in /homepages/45/d222365928/htdocs/uploader/download.php on line 179

Those are the errors you need to fix. You can ignore the "cannot modify header information" messages.

Link to comment
https://forums.phpfreaks.com/topic/241429-file-download/#findComment-1245754

  • 2 weeks later...

For the first error message, I have this code:

$dir = opendir("http://www.mysite.com/uploader/users/user/uploads/iamge.png");

I used the exact address of the site. Yet, I get:

Warning: opendir(http://www.mysite.com/uploader/users/user/uploads/iamge.png) [function.opendir]: failed to open dir: not implemented in /homepages/45/d222365928/htdocs/uploader/download.php on line 98

It should be able to open it... but what does "not implemented in..." mean?

Link to comment
https://forums.phpfreaks.com/topic/241429-file-download/#findComment-1251333

opendir expects the path to the directory that is to be opened. Directories are accessed using the operating system. You are trying to use a URL and in fact you are specifying a URL to an image - iamge.png. Even if you could use a URL with opendir, giving it the URL to an image is not what opendir is used for.

Link to comment
https://forums.phpfreaks.com/topic/241429-file-download/#findComment-1251347

That sounds dangerous, letting people access your hard drive.

Well then you best take down your website before anybody else accesses it! :D

 

If you're smart and careful with the paths then you'll be okay. Validation and sanitization are your friends.

Link to comment
https://forums.phpfreaks.com/topic/241429-file-download/#findComment-1251374
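
The two replies above (opendir() needs a filesystem path, and paths built from user input need validation) combined in one sketch. This is an added example, not code from the thread or from the File Download script; the function name resolve_download, the demo folder and the extension allowlist are assumptions.

```php
<?php
// Added example, not from the thread; paths and the allowlist are illustrative.
declare(strict_types=1);

/** Map a user-supplied file name to a real file under $baseDir, or null. */
function resolve_download(string $baseDir, string $requested, array $allowedExt): ?string
{
    // realpath() only resolves local paths; a URL or missing folder gives false.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Keep only the last path component, so "../" sequences are discarded.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        return null;
    }
    // Extension allowlist, compared in lower case.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // Walk the subfolders on the local filesystem looking for an exact name match.
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($base, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($walker as $entry) {
        if (!$entry->isFile() || $entry->getFilename() !== $name) {
            continue;
        }
        // Resolve symlinks, then confirm the result still sits inside the base.
        $real = realpath($entry->getPathname());
        if ($real !== false && strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0) {
            return $real;
        }
    }
    return null;
}

// Constructed demo: a throwaway folder tree and three requests.
$demo = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir($demo . '/docs', 0700, true);
file_put_contents($demo . '/docs/report.pdf', 'sample');
var_dump(resolve_download($demo, 'report.pdf', ['pdf', 'zip']));
var_dump(resolve_download($demo, '../../etc/passwd', ['pdf', 'zip']));
var_dump(resolve_download('http://www.mysite.com/uploader/', 'report.pdf', ['pdf']));
unlink($demo . '/docs/report.pdf');
rmdir($demo . '/docs');
rmdir($demo);
```

Only the first request resolves to a path; the traversal attempt is reduced to a bare name that fails the allowlist, and the URL is rejected because it is not a local directory.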

PHP running on the server cannot access files on your computer. That's why you have to upload them. I was pointing out that anytime someone accesses your website they're accessing something on the hard drive.

 

Person uploads file. Server receives file and PHP automatically puts it into a temporary place. Script checks the file, makes sure it's acceptable, and (if so) moves it to its final destination.

Link to comment
https://forums.phpfreaks.com/topic/241429-file-download/#findComment-1254421
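
The upload flow described above (temporary file, check, move to the final destination), as an added example that is not from the thread. The function name store_upload, the form field name userfile, the 5 MB limit and the MIME allowlist are assumptions, and the Fileinfo extension is assumed to be installed.

```php
<?php
// Added example: the form field, size limit and allowlist are assumptions.
declare(strict_types=1);

/**
 * Validate one $_FILES entry and move it into $destDir.
 * Returns the stored path, or null if the upload is rejected.
 */
function store_upload(array $file, string $destDir, array $allowedMime, int $maxBytes): ?string
{
    // PHP reports transfer problems (too large, partial, no file) in 'error'.
    if (!isset($file['error'], $file['tmp_name'], $file['size']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // Only accept the temporary file PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        return null;
    }
    // Detect the type from the content; the client-sent 'type' is not trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset($allowedMime[$mime])) {
        return null;
    }
    // Server-chosen name: the client's file name never reaches the filesystem.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $allowedMime[$mime];

    // move_uploaded_file() re-checks that the source is a genuine upload.
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Usage inside the upload script; 'userfile' is a hypothetical form field name.
$allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];
if (isset($_FILES['userfile'])) {
    $stored = store_upload($_FILES['userfile'], '/users/uname/uploads/', $allowed, 5 * 1024 * 1024);
    echo $stored === null ? 'Upload rejected.' : 'Upload stored.';
}
```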

Archived

This topic is now archived and is closed to further replies.
