PHP and Files


Lokolo

Ok so I have some code

 

	case "Download Log":
		echo "Downloading... <br><br>";
		rename("$_SESSION[hotelID].txt", "log.txt");
		//download file
		break;

 

But I am not sure how to get it to download the file (on the //download file bit).

 

_____________________

 

The next thing: as you can see from the above, the files are based around the hotelID. How can I stop people typing www.url.com/1.txt and then gaining access to the files (if this is possible)? I was thinking of having the hotelID go through some sort of algorithm like (*56 + 50)*4 to make the file name (so ID 1 would be file 424.txt). Am I thinking correctly?

If so, how could I encrypt it better, such as by adding letters to the name?

 

_____________________

 

Wow long,

 

should be simple enough for the uber programmers,

 

thanks,

 

Lokolo


just to give ya an idea ;-)

 

basically, on upload, it scrambles the url to any of a billion+ possibilities... and on download, it switches it back to the original :-)

 

a) on upload...

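// get_filetype(), randomkeys(), popup(), get_username(), get_seconds(), $id and $key
// are not defined in this post; they come from the rest of the application.
$target_path = "files/";
$ext = get_filetype(basename($_FILES['uploadedfile']['name']));
// Random on-disk name (10 to 40 characters from randomkeys) plus whatever get_filetype() returns.
$realpath = $target_path . randomkeys(rand(10, 40)) . $ext;
// Original name, kept only in the database so the download can restore it.
$path = $target_path . basename($_FILES['uploadedfile']['name']);
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $realpath)) {
    $date = date('z'); // day of the year; the format string must be quoted
    // Both names derive from the client-supplied file name, so escape them for SQL.
    $path_sql = mysql_real_escape_string($path);
    $realpath_sql = mysql_real_escape_string($realpath);
    mysql_query("INSERT INTO im_files (`uid1`, `uid2`, `path`, `date`, `realpath`) VALUES('$id','$key','$path_sql','$date','$realpath_sql')");
    $text = popup('`6' . get_username($id) . ' has added files', "files.php?op=viewall&key=$key");
    $seconds = get_seconds();
    $text = addslashes($text);
    mysql_query("INSERT INTO im_messages (`text`, `uid1`, `uid2`, `date`, `time`, `from`) VALUES('$text', '$id', '$key','$date','$seconds','0')") or die(mysql_error());
    echo '<script language="JavaScript">setTimeout("close()",0);</script>';
    exit;
}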

 

b) on download

// Cast the request parameter to an integer before it reaches the query.
$fid = (int) $_GET['id'];
$result = mysql_query("SELECT * FROM im_files WHERE `id`='$fid' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($result);
// Only the recipient recorded in uid2 may download the file.
if ($row && $row['uid2'] == $id) {
    $filename = $row['realpath'];
    $filename = realpath($filename);
    $file_extension = strtolower(substr(strrchr($filename, "."), 1));
    switch ($file_extension) {
        case "pdf": $ctype = "application/pdf"; break;
        case "exe": $ctype = "application/octet-stream"; break;
        case "zip": $ctype = "application/zip"; break;
        case "doc": $ctype = "application/msword"; break;
        case "xls": $ctype = "application/vnd.ms-excel"; break;
        case "ppt": $ctype = "application/vnd.ms-powerpoint"; break;
        case "gif": $ctype = "image/gif"; break;
        case "png": $ctype = "image/png"; break;
        case "jpe":
        case "jpeg":
        case "jpg": $ctype = "image/jpeg"; break;
        default: $ctype = "application/force-download";
    }
    // The file is gone from disk: drop the stale row and close the popup.
    if (!file_exists($filename)) {
        mysql_query("DELETE FROM im_files WHERE `id`='$fid'") or die(mysql_error());
        die('<script language="JavaScript">setTimeout("close()",0);</script>');
    }
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private", false);
    header("Content-Type: $ctype");
    // Offer the file under its original name, not the scrambled one.
    header("Content-Disposition: attachment; filename=\"" . basename($row['path']) . "\";");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . @filesize($filename));
    @set_time_limit(0);
    @readfile("$filename") or die("File not found.");
    // One-time transfer: remove every copy of this file held for this recipient.
    // The stored path came from the uploader, so escape it again before reuse in SQL.
    $path_sql = mysql_real_escape_string($row['path']);
    $result = mysql_query("SELECT * FROM im_files WHERE `path`='$path_sql' AND `uid2`='$id'") or die(mysql_error());
    while ($row = mysql_fetch_array($result)) {
        unlink($row['realpath']);
        mysql_query("DELETE FROM im_files WHERE `id`='$row[id]'") or die(mysql_error());
    }
}
die('<script language="JavaScript">setTimeout("close()",0);</script>');


Ah, the user doesn't upload it. I create it!

I create and update the log. The only things they can do are download and upload.

The only thing I can now think of is to create a MySQL table with the hotelID and Encryption.

I create the encryption completely randomly, check if one already exists (just in case), and then store it.

hotelID    Encryption
1          ab5nsj478sn
2          384jfn39jd0
3          83ncnc93j9

So files would be ab5nsj478sn.txt, 384jfn39jd0.txt, 83ncnc93j9.txt

Then when updating/downloading etc. I can just get the encryption from the table.

 

Thoughts?

 

(I would use your code but I am not exactly experienced! :P)

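One way to serve the log without renaming it and without leaving it reachable by URL, combining the random-name table proposed in the last post with a session check. This is an added example, not code from any poster in the thread; the `hotel_logs` table, the function names, the SQLite database and the temp directory are assumptions chosen so it runs stand-alone (PHP 7 or later with PDO SQLite).

```php
<?php
declare(strict_types=1);
// Return the random file token for a hotel, creating it on first use.
function tokenFor(PDO $db, int $hotelId): string
{
    $q = $db->prepare('SELECT token FROM hotel_logs WHERE hotel_id = ?');
    $q->execute([$hotelId]);
    $token = $q->fetchColumn();
    if ($token === false) {
        // 128 bits from the OS CSPRNG. A formula such as (id*56+50)*4 or
        // rand() gives names that can be worked out or enumerated.
        $token = bin2hex(random_bytes(16));
        $db->prepare('INSERT INTO hotel_logs (hotel_id, token) VALUES (?, ?)')
           ->execute([$hotelId, $token]);
    }
    return $token;
}

// Stream the caller's own log under the name log.txt. The hotel ID is read
// from the session only, never from the URL, so it cannot be swapped.
function sendLog(PDO $db, string $dir, array $session): bool
{
    $id = $session['hotelID'] ?? null;
    if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
        http_response_code(403);
        return false;
    }
    $file = $dir . '/' . tokenFor($db, (int) $id) . '.txt';
    if (!is_file($file)) {
        http_response_code(404);
        return false;
    }
    header('Content-Type: text/plain');
    header('Content-Disposition: attachment; filename="log.txt"');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    return true;
}

// Constructed demo data: in-memory SQLite and a temp directory stand in for
// the real database and for a directory outside the web root.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hotel_logs (hotel_id INTEGER PRIMARY KEY, token TEXT UNIQUE)');
$dir = sys_get_temp_dir() . '/hotel-logs-demo';
is_dir($dir) || mkdir($dir, 0700);
file_put_contents($dir . '/' . tokenFor($db, 1) . '.txt', "constructed log line\n");
sendLog($db, $dir, []);                  // no session: refused
sendLog($db, $dir, ['hotelID' => 1]);    // logged-in hotel 1: file is streamed
```

In a real deployment `$session` is `$_SESSION` after login and `$dir` is a directory the web server does not serve.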

Archived

This topic is now archived and is closed to further replies.
