Jump to content
OmarSaab

download files with php

Recommended Posts

So I am creating a small file manager to manage uploaded files into a certain directory on my sever. I have created the attached code, but the issue is that when I click the download button, the webpage (html file) itself gets downloaded instead of the file in the directory that is supposed to be downloaded.

Please note that there is no upload file type restrictions, so there are any file type you can imagine in this directory.

I can't recognize the error in my code.

Any help will be highly appreciated and that you in advance

 

<html>
	<head>
		<title>My first PHP Page</title>
	</head>
	<body>
		<table border="1">
		<?php
			$dir = 'uploads';
			$files = scandir($dir);
			sort($files);
			$count = -1 ;
			foreach ($files as $file) {
				$v_download = "download_".$count;
				$v_delete = "delete_".$count;
				$v_rename = "rename_".$count;
				$fileName = $file;
				if ($file != '.' && $file != '..') {
					echo "<tr>";
					echo "<td>";
					echo $count;
					echo "</td>";
					echo "<td>";
					echo $file;
					echo "</td>";
					echo "<td>";
					echo "<form action='' method='post'><input type='submit' value='Download' name='".$v_download."'/></form>";
					if(isset($_POST[$v_download])) {
                		$filename = $_POST[$file];
                		header('Content-type: '.filetype($filename).'/'.pathinfo($filename, PATHINFO_EXTENSION));
                		header('Content-Disposition: attachment; filename="'.$filename.'"');
                		readfile('uploads/'.$filename);
                		exit();
					}
					echo "</td>";
					echo "<td>";
					echo "<form action='' method='post'><input type='submit' value='Delete' name='".$v_delete."'/></form>";
					if(isset($_POST[$v_delete])) {
                		// Your php delete code here
						echo "delete file : ".$file;
					}
					echo "</td>";
					echo "<td>";
					echo "<form action='' method='post'><input type='submit' value='Rename' name='".$v_rename."'/></form>";
					if(isset($_POST[$v_rename])) {
                		// Your php rename code here
						echo "rename file : ".$file;
					}
					echo "</td>";
					echo "</tr>";
				}
				$count++;
			}
		?>
		</table>
	</body>
</html>

list.html

Edited by requinix
adding code inline

Share this post


Link to post
Share on other sites

I'm confused by your mix of "upload" and "download". Please clarify - are you moving files from your client (PC) to the server for storage or are you bringing files FROM your server to your client PC? Personally, I would call the former an upload the latter a download.

Share this post


Link to post
Share on other sites

First off, letting users upload arbitrary files is suicidal. It's an open invitation to attack your server and other visitors. You can also get into legal trouble when your server starts spreading malware, copyrighted material or other illegal files.

 

Don't do this, not even for testing, not even for a short amount of time.

 

The “file manager” also cannot be taken seriously. It isn't even able to reliably distinguish between the different files, because the numbering scheme changes whenever the directory content changes. If I delete the “second file”, I have no idea if that's still the same file I saw when the page was initially loaded. It could be anything now.

 

If you just want direct access to your filesystem, use SCP/SFTP. Otherwise you need to know what you're doing. A file upload must involve strict validation and a database for properly managing files.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.