Jump to content

Recommended Posts

Hi

 

I have a program that I want to distribute through the internet. The files of the program are packed in an exe installation file that I need to download to the users download tray. The only way I know to do this is by using an html form, like this:

 

$file = "Progdirectory/installation-file.exe";
echo "<form action=$file method=\"get\">";
echo "<input type=\"submit\">";
echo "</form>";

 

The problem with this solution is that everything is open. One can go into the source script and find the installation file and its address and then later download it directly from the URL address field of the browser. This is not what I want. I want to have full control with the downloading of the program and at least save the users e-mail address in a database.

 

I know I can use a htaccess file to prevent access to the program folder, but I don’t want the user to have to type in a username and a password in a system pop-up dialogue window. I want to control all possible authentications from my own php program.

 

In addition, I also want another web-page to open when the file is downloaded. This web-page will contain instructions of how to install the program.

 

If someone at least could give me some hints of how to resolve some of these issues, it would be greatly appreciated.

 

Best regards

 

 

 

 

Make a PHP script output the file, rather than give the user a direct link to it. Then make sure the .exe isn't actually anywhere that can be accessed directly by the user, if they were to somehow find or guess where it was (this typically means outside of a "public_html" or "www" directory you have).

 

Your PHP script can do whatever it wants in terms of authentication. When it's satisfied, it outputs the file's contents to the browser with a bit of supplemental information.

$exe = "/path/to/file.exe";

header("Content-Type: application/octet-stream"); // binary file
header("Content-Disposition: attachment; filename=\"installation-file.exe\""); // download as "installation-file.exe"
header("Content-Length: " . filesize($exe)); // tells the browser and user how large the file download will be
readfile($exe); // dump the file
exit;
What you cannot do is serve a download and HTML at once. Instead,

1. Give the user a page where they would go to download the file. Do authentication here.

2. This page is where you give the instructions.

3. On that page, use a client-side redirect to send them to the PHP script that does the downloading. The browser will see it's a download and keep the previous page open.

 

The client-side redirect looks like

<script type="text/javascript">
window.setTimeout(function() {
	document.location.href = "/path/to/download/script.php";
}, 5000); // 5 seconds
</script>
If you don't like Javascript for some reason,

<meta http-equiv="Refresh" content="5; url=/path/to/download/script.php">
in the will also work. Edited by requinix

Thank you very much for your answer. I guess, however, I must be doing something wrong, because when running the script, I don't get the exe file downloaded to my download folder, but only some strange text appearing on my web-site window, beginning with

 

MZ@ !L!This program cannot be run in DOS mode. $]Y

 

 

I have called the exe file for Testprogram.exe and placed it in a directory called Testing.

 

Here is the whole program:

 

<!DOCTYPE html>
<?php
$exe = "Testing/Testprogram.exe";
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"Testprogram.exe\"");
header("Content-Length: " . filesize($exe));
readfile($exe);
exit;
?>
<html>
<body>
</body>
</html>

1. Can't use header() if there has been any output.

2. The script cannot output anything except for what it does with readfile(). No HTML, no whitespace, nothing.

<?php

$exe = "Testing/Testprogram.exe";
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"Testprogram.exe\"");
header("Content-Length: " . filesize($exe));
readfile($exe);
exit;
That's all you need.

Hi,

 

Yes, now it worked. Thank you so much. I have actually been troubling with this for a long time, having been trying many similar scripts that didn't work, because I didn't know that you had to strip them for all the regular html stuff. So I'm very happy that I now finally made it.

 

If I could just make more one more following up question.  In my web server I have to place the index file in my root directory, and I don't have access to any directory above or outside of the root. Do you have any other ideas how I possibly could hide the download file? One idea I have is to block the diretory listing with htaccess while using a long and complicated directory name, but maybe there could be better solutions?

 

Best regards

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.