Osram Posted June 14, 2015 Share Posted June 14, 2015 Hi I have a program that I want to distribute through the internet. The files of the program are packed in an exe installation file that I need to download to the users download tray. The only way I know to do this is by using an html form, like this: $file = "Progdirectory/installation-file.exe";echo "<form action=$file method=\"get\">";echo "<input type=\"submit\">";echo "</form>"; The problem with this solution is that everything is open. One can go into the source script and find the installation file and its address and then later download it directly from the URL address field of the browser. This is not what I want. I want to have full control with the downloading of the program and at least save the users e-mail address in a database. I know I can use a htaccess file to prevent access to the program folder, but I don’t want the user to have to type in a username and a password in a system pop-up dialogue window. I want to control all possible authentications from my own php program. In addition, I also want another web-page to open when the file is downloaded. This web-page will contain instructions of how to install the program. If someone at least could give me some hints of how to resolve some of these issues, it would be greatly appreciated. Best regards Quote Link to comment Share on other sites More sharing options...
requinix Posted June 15, 2015 Share Posted June 15, 2015 (edited) Make a PHP script output the file, rather than give the user a direct link to it. Then make sure the .exe isn't actually anywhere that can be accessed directly by the user, if they were to somehow find or guess where it was (this typically means outside of a "public_html" or "www" directory you have). Your PHP script can do whatever it wants in terms of authentication. When it's satisfied, it outputs the file's contents to the browser with a bit of supplemental information. $exe = "/path/to/file.exe"; header("Content-Type: application/octet-stream"); // binary file header("Content-Disposition: attachment; filename=\"installation-file.exe\""); // download as "installation-file.exe" header("Content-Length: " . filesize($exe)); // tells the browser and user how large the file download will be readfile($exe); // dump the file exit;What you cannot do is serve a download and HTML at once. Instead,1. Give the user a page where they would go to download the file. Do authentication here. 2. This page is where you give the instructions. 3. On that page, use a client-side redirect to send them to the PHP script that does the downloading. The browser will see it's a download and keep the previous page open. The client-side redirect looks like <script type="text/javascript"> window.setTimeout(function() { document.location.href = "/path/to/download/script.php"; }, 5000); // 5 seconds </script>If you don't like Javascript for some reason, <meta http-equiv="Refresh" content="5; url=/path/to/download/script.php">in the will also work. Edited June 15, 2015 by requinix Quote Link to comment Share on other sites More sharing options...
Osram Posted June 15, 2015 Author Share Posted June 15, 2015 Thank you very much for your answer. I guess, however, I must be doing something wrong, because when running the script, I don't get the exe file downloaded to my download folder, but only some strange text appearing on my web-site window, beginning with MZ@ !L!This program cannot be run in DOS mode. $]Y I have called the exe file for Testprogram.exe and placed it in a directory called Testing. Here is the whole program: <!DOCTYPE html><?php$exe = "Testing/Testprogram.exe";header("Content-Type: application/octet-stream");header("Content-Disposition: attachment; filename=\"Testprogram.exe\"");header("Content-Length: " . filesize($exe));readfile($exe);exit;?><html><body></body></html> Quote Link to comment Share on other sites More sharing options...
requinix Posted June 15, 2015 Share Posted June 15, 2015 1. Can't use header() if there has been any output. 2. The script cannot output anything except for what it does with readfile(). No HTML, no whitespace, nothing. <?php $exe = "Testing/Testprogram.exe"; header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=\"Testprogram.exe\""); header("Content-Length: " . filesize($exe)); readfile($exe); exit;That's all you need. Quote Link to comment Share on other sites More sharing options...
Osram Posted June 15, 2015 Author Share Posted June 15, 2015 Hi, Yes, now it worked. Thank you so much. I have actually been troubling with this for a long time, having been trying many similar scripts that didn't work, because I didn't know that you had to strip them for all the regular html stuff. So I'm very happy that I now finally made it. If I could just make more one more following up question. In my web server I have to place the index file in my root directory, and I don't have access to any directory above or outside of the root. Do you have any other ideas how I possibly could hide the download file? One idea I have is to block the diretory listing with htaccess while using a long and complicated directory name, but maybe there could be better solutions? Best regards Quote Link to comment Share on other sites More sharing options...
Osram Posted June 18, 2015 Author Share Posted June 18, 2015 Well, I found the answer myself: You can have a deny all phrase in your htaccess file for a directory, and yet you can download a file from it. So this should be ok. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.