jaymc

Force Download Script (Headers)

Right, I have made a script that will force the download of files rather than open them up/stream in their default application.

Here is the code

[code]<?
$User_Session = $_SESSION['username'];
if ($User_Session == "") {die("HAHA");}

$file = $_GET['file'];
if (strstr($file, "../")) {die("Unlucky Punk");}
$filesize = filesize($file);
$filename = explode("---", $file);

// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');


    header("Pragma: public");
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Disposition: attachment; filename=$filename[1]");
    header("Content-Transfer-Encoding: binary");


readfile("./uploads/".$file);
?>[/code]

Here are my questions

1: Is it secure? You will notice I checked the $_GET for the occurrence of [b]../[/b] to ensure people don't try and download files outside of the DIR (../../index.php). I think that secures that up; maybe someone knows another flaw in it which would allow people to download whatever file they want.

2: This is a problem. For some reason, and this appears to be random, when downloading a file it can stop downloading after like the first 180kb and acts as if it's completed the download. This is not just on certain files; it can happen to any file and seriously looks pretty random. I have no idea why. There are no error messages, it just stops downloading.

Any help on those 2 points will be appreciated
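
An added example, not part of the original post: a download handler that replaces the [b]../[/b] substring test with a containment check on the canonical path, so the file that is size-checked and the file that is sent are the same path inside the upload directory. The UPLOAD_DIR constant, the resolve_download() helper and the status codes are assumptions made for illustration; the "---" naming convention is taken from the explode() call in the post.

```php
<?php
declare(strict_types=1);

// Assumption: uploads live in ./uploads next to this script.
const UPLOAD_DIR = __DIR__ . '/uploads';

/** Hypothetical helper: canonical path of $requested inside $baseDir, or null. */
function resolve_download(string $baseDir, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    // realpath() collapses "..", "." and symlinks; false if nothing is there.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Compare canonical paths, not the raw request string.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit;
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_download(UPLOAD_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

// Display name: the part after "---", reduced to a conservative character set.
$parts = explode('---', basename($path), 2);
$name  = preg_replace('/[^A-Za-z0-9._-]/', '_', $parts[1] ?? $parts[0]);

// Drop active output buffers so readfile() streams instead of buffering.
while (ob_get_level() > 0) {
    ob_end_clean();
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path)); // lets the client see a short transfer
readfile($path);
```

This does not diagnose the truncated downloads described in point 2; the Content-Length header only makes an incomplete transfer visible to the client.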
