Force Download Script (Headers)

#1 jaymc

Posted 17 October 2006 - 10:19 PM

Right, I have made a script that will force the download of files rather than open them up/stream in their default application.

Here is the code:

$User_Session = $_SESSION['username'];
if ($User_Session == "") {die("HAHA");}

$file = $_GET['file'];
if (strstr($file, "../")) {die("Unlucky Punk");}
$filesize = filesize($file);
$filename = explode("---", $file);

// required for IE, otherwise Content-disposition is ignored
ini_set('zlib.output_compression', 'Off');

header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=$filename[1]");
header("Content-Transfer-Encoding: binary");

Here are my questions:

1: Is it secure? You will notice I checked the $_GET for the occurrence of ../ to ensure people don't try and download files outside of the DIR (../../index.php). I think that secures that up; maybe someone knows another flaw in it which would allow people to download whatever file they want.

2: This is a problem: for some reason, and this appears to be random, when downloading a file it can stop downloading after like the first 180kb and acts as if it's completed the download. This is not just on certain files; it can happen to any file and seriously looks pretty random. I have no idea why. There are no error messages, it just stops downloading.

Any help on those 2 points will be appreciated
I would love to change the world, but they won't give me the source code
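
An added example, not part of the original post: one way to confine the `file` parameter to a single directory by resolving it with `realpath()` and comparing the result against the base directory, rather than searching the string for `../`. `DOWNLOAD_DIR`, `resolve_download()` and `send_download()` are hypothetical names and the directory path is a placeholder; the `---` split follows the naming convention in the posted script.

```php
<?php
// Added example, not the poster's code. DOWNLOAD_DIR, resolve_download() and
// send_download() are hypothetical names; the directory is a placeholder.
const DOWNLOAD_DIR = '/var/www/downloads';

// Return the canonical path of $requested if it is a regular file inside
// $baseDir, or null otherwise.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the file is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with base + separator so a sibling such as "downloads-old" does not match.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

function send_download(string $path): void
{
    // Stored names look like "<prefix>---<display name>", as in the posted script.
    $parts = explode('---', basename($path), 2);
    // Keep only a conservative character set in the header value.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $parts[1] ?? $parts[0]);
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

session_start();
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit;
}
$path = resolve_download(DOWNLOAD_DIR, (string) ($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(404);
    exit;
}
send_download($path);
```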
