Lokolo Posted May 15, 2007 Share Posted May 15, 2007 Ok so I have some code case "Download Log": echo "Downloading... <br><br>"; rename("$_SESSION[hotelID].txt", "log.txt"); //download file break; but I am not sure how to get it to download the file. (on the //download file bit). _____________________ the next thing. as you can see from the above the files are based around the hotelID. how can I stop people typing www.url.com/1.txt and then gaining access to the files? (if this is possible) - I was thinking of having the hotelID go through some sort of algorithm like (*56 + 50)*4 to make the file name (so ID 1 would be file 424.txt - am I thinking correctly? If so how could I encrypt it better, such as adding letters to the name. _____________________ Wow long, should be simple enough for the uber programmers, thanks, Lokolo Link to comment https://forums.phpfreaks.com/topic/51533-php-and-files/ Share on other sites More sharing options...
taith Posted May 15, 2007 Share Posted May 15, 2007 just to give ya an idea ;-) basically, on upload, it scrambles the url to any of a billion+ possibilities... and on download, it switches it back to the original :-) a) on upload... $target_path = "files/"; $ext=get_filetype(basename($_FILES['uploadedfile']['name'])); $realpath = $target_path.randomkeys(rand(10,40)).$ext; $path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $realpath)){ $date=date(z); mysql_query("INSERT INTO im_files (`uid1`, `uid2`, `path`, `date`, `realpath`) VALUES('$id','$key','$path','$date','$realpath')"); $text=popup('`6'.get_username($id).' has added files',"files.php?op=viewall&key=$key"); $seconds=get_seconds(); $text = addslashes($text); mysql_query("INSERT INTO im_messages (`text`, `uid1`, `uid2`, `date`, `time`, `from`) VALUES('$text', '$id', '$key','$date','$seconds','0')") or die(mysql_error()); echo '<script language="JavaScript">setTimeout("close()",0);</script>'; exit; } b) on download $fid=$_GET[id]; $result=mysql_query("SELECT * FROM im_files WHERE `id`='$fid' LIMIT 1") or die(mysql_error()); $row=mysql_fetch_array($result); if($row[uid2]==$id){ $filename = $row[realpath]; $filename = realpath($filename); $file_extension = strtolower(substr(strrchr($filename,"."),1)); switch($file_extension){ case "pdf": $ctype="application/pdf"; break; case "exe": $ctype="application/octet-stream"; break; case "zip": $ctype="application/zip"; break; case "doc": $ctype="application/msword"; break; case "xls": $ctype="application/vnd.ms-excel"; break; case "ppt": $ctype="application/vnd.ms-powerpoint"; break; case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpe": case "jpeg": case "jpg": $ctype="image/jpg"; break; default: $ctype="application/force-download"; } if(!file_exists($filename)){ mysql_query("DELETE FROM im_files WHERE `id`='$fid'") or die(mysql_error()); die('<script language="JavaScript">setTimeout("close()",0);</script>'); } header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: $ctype"); header("Content-Disposition: attachment; filename=\"".basename($row[path])."\";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".@filesize($filename)); @set_time_limit(0); @readfile("$filename") or die("File not found."); $result=mysql_query("SELECT * FROM im_files WHERE `path`='$row[path]' AND `uid2`='$id'") or die(mysql_error()); while($row=mysql_fetch_array($result)){ unlink($row[realpath]); mysql_query("DELETE FROM im_files WHERE `id`='$row[id]'") or die(mysql_error()); } } die('<script language="JavaScript">setTimeout("close()",0);</script>'); Link to comment https://forums.phpfreaks.com/topic/51533-php-and-files/#findComment-253781 Share on other sites More sharing options...
Lokolo Posted May 15, 2007 Author Share Posted May 15, 2007 ah. they user doesn't upload it. I create it! i create and update the log. the only things they can do are download and upload. the only thing I can now think of is create a MySQL table with the hotelID and Encryption i create the encryption completely randomly, check if one already exists (just incase), and then store it. hotelID Encryption 1 ab5nsj478sn 2 384jfn39jd0 3 83ncnc93j9 so files would be ab5nsj478sn.txt , 384jfn39jd0.txt, 83ncnc93j9.txt then when updating/downloading etc. I can just get the encyrption from the table. Thoughts? (I would use your code but I am not exactly experienced! ) Link to comment https://forums.phpfreaks.com/topic/51533-php-and-files/#findComment-253787 Share on other sites More sharing options...
taith Posted May 15, 2007 Share Posted May 15, 2007 yup! mine was just to show ya how... once the files are hidden... you need to know where to find them, in order to steal em... so put em in a safe place /azaewr/ab5nsj478sn.txt for example :-) Link to comment https://forums.phpfreaks.com/topic/51533-php-and-files/#findComment-253803 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.