Jump to content

PHP and Files

Lokolo

By Lokolo
in PHP Coding Help

 Share

Recommended Posts

Lokolo Member

Lokolo

Posted
Posted

Ok so I have some code

 

	case "Download Log":
	echo "Downloading... <br><br>";
	rename("$_SESSION[hotelID].txt", "log.txt");
                //download file
        break;

 

but I am not sure how to get it to download the file. (on the //download file bit).

 

_____________________

 

the next thing. as you can see from the above the files are based around the hotelID. how can I stop people typing www.url.com/1.txt and then gaining access to the files? (if this is possible) - I was thinking of having the hotelID go through some sort of algorithm like (*56 + 50)*4 to make the file name (so ID 1 would be file 424.txt - am I thinking correctly?

If so how could I encrypt it better, such as adding letters to the name.

 

_____________________

 

Wow long,

 

should be simple enough for the uber programmers,

 

thanks,

 

Lokolo

Link to comment
https://forums.phpfreaks.com/topic/51533-php-and-files/
Share on other sites
taith Regular Member

taith

Posted
Posted

just to give ya an idea ;-)

 

basically, on upload, it scrambles the url to any of a billion+ possibilities... and on download, it switches it back to the original :-)

 

a) on upload...

$target_path = "files/";
$ext=get_filetype(basename($_FILES['uploadedfile']['name']));
$realpath = $target_path.randomkeys(rand(10,40)).$ext;
$path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $realpath)){
$date=date(z);
mysql_query("INSERT INTO im_files (`uid1`, `uid2`, `path`, `date`, `realpath`) VALUES('$id','$key','$path','$date','$realpath')");
$text=popup('`6'.get_username($id).' has added files',"files.php?op=viewall&key=$key");
$seconds=get_seconds();
$text = addslashes($text);
mysql_query("INSERT INTO im_messages (`text`, `uid1`, `uid2`, `date`, `time`, `from`) VALUES('$text', '$id', '$key','$date','$seconds','0')") or die(mysql_error());
echo '<script language="JavaScript">setTimeout("close()",0);</script>';
exit;
}

 

b) on download

$fid=$_GET[id];
$result=mysql_query("SELECT * FROM im_files WHERE `id`='$fid' LIMIT 1") or die(mysql_error());
$row=mysql_fetch_array($result);
if($row[uid2]==$id){
$filename = $row[realpath];
$filename = realpath($filename);
$file_extension = strtolower(substr(strrchr($filename,"."),1));
switch($file_extension){
 case "pdf": $ctype="application/pdf"; break;
 case "exe": $ctype="application/octet-stream"; break;
 case "zip": $ctype="application/zip"; break;
 case "doc": $ctype="application/msword"; break;
 case "xls": $ctype="application/vnd.ms-excel"; break;
 case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
 case "gif": $ctype="image/gif"; break;
 case "png": $ctype="image/png"; break;
 case "jpe":
 case "jpeg":
 case "jpg": $ctype="image/jpg"; break;
 default: $ctype="application/force-download";
}
if(!file_exists($filename)){
 mysql_query("DELETE FROM im_files WHERE `id`='$fid'") or die(mysql_error());
 die('<script language="JavaScript">setTimeout("close()",0);</script>');
}
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".basename($row[path])."\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".@filesize($filename));
@set_time_limit(0);
@readfile("$filename") or die("File not found.");
$result=mysql_query("SELECT * FROM im_files WHERE `path`='$row[path]' AND `uid2`='$id'") or die(mysql_error());
while($row=mysql_fetch_array($result)){
 unlink($row[realpath]);
 mysql_query("DELETE FROM im_files WHERE `id`='$row[id]'") or die(mysql_error());
}
}
die('<script language="JavaScript">setTimeout("close()",0);</script>');

Link to comment
https://forums.phpfreaks.com/topic/51533-php-and-files/#findComment-253781
Share on other sites
Lokolo Member

Lokolo

Posted
  • Author
Posted

ah. they user doesn't upload it. I create it!

 

i create and update the log. the only things they can do are download and upload.

 

the only thing I can now think of is create a MySQL table with the hotelID and Encryption

 

i create the encryption completely randomly, check if one already exists (just incase), and then store it.

 

hotelID    Encryption

1              ab5nsj478sn

2              384jfn39jd0

3              83ncnc93j9

 

so files would be ab5nsj478sn.txt , 384jfn39jd0.txt, 83ncnc93j9.txt

 

then when updating/downloading etc. I can just get the encyrption from the table.

 

Thoughts?

 

(I would use your code but I am not exactly experienced! :P)

Link to comment
https://forums.phpfreaks.com/topic/51533-php-and-files/#findComment-253787
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.