jagguy Posted July 16, 2007

Any advice on securing your directory for uploads and downloads? I hardcode the dir to load to and download from. The user just passes the filename but my downloads get hijacked. I have no idea.

```php
$file_path = $myvar."/files/" . $file;
// Extension = text after the last dot, lower-cased
$file_extension = strtolower(substr(strrchr($file,"."),1));
if ((isset($file))&&(file_exists('files/'.$file))) {
    switch( $file_extension )//hijacked after this point????
    {
        case "pdf": $ctype="application/pdf"; break;
        case "exe": $ctype="application/octet-stream"; break;
        case "zip": $ctype="application/zip"; break;
        case "doc": $ctype="application/msword"; break;
        case "xls": $ctype="application/vnd.ms-excel"; break;
        case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
        case "gif": $ctype="image/gif"; break;
        case "png": $ctype="image/png"; break;
        case "jpg": $ctype="image/jpeg"; break; // registered type is image/jpeg
        default: $ctype="application/force-download";
    }
}
```
lur Posted July 16, 2007

Check out basename(), realpath() and pathinfo().
jagguy Posted July 17, 2007

OK, so my problem is variables being set correctly and verified and the program somehow redirecting (when I take the echo statements out), so I am confused about what to do still.
jagguy Posted July 17, 2007

Forget the previous posts as I have got the error down to this.

```
Warning: filesize() [function.filesize]: stat failed for http://jagguy.ej.am/school/test/files/2linux.txt in /home/jagguy/public_html/school/test/download2.php on line 96
```

Here is the code and line 96:

```php
header("Content-type: application/force-download");
header("Content-Transfer-Encoding: Binary");
header("Content-length: ".filesize($file_path)); //warning here line 96
header("Content-Type: $ctype");
header('Content-Disposition: attachment; filename="' . $file . '"');
readfile("$file_path");
```

I don't get this problem on my PC so I don't know how to solve it.
jagguy Posted July 18, 2007

I just used a @ command to suppress the warning.
jagguy Posted July 19, 2007

Does anyone know how to fix this problem or do I just suppress it?
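
One way to apply the basename(), realpath() and pathinfo() suggestion from lur's reply, as an added example that is not code from any poster in this thread: the requested name is reduced to a bare filename, resolved on the local filesystem, and rejected unless it lands directly inside the download directory. Because the result is a filesystem path rather than an `http://` URL, `filesize()` can stat it. Assumptions: PHP 7.1 or later, a `files` directory beside the script, a `file` query parameter, and the hypothetical helper name `resolve_download`.

```php
<?php
// Added example, not code from the thread. Assumed: PHP 7.1+, a "files"
// directory next to this script, and a "file" query parameter.

// Hypothetical helper: map a user-supplied name to a file in $baseDir, or null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);   // canonical local path, never a URL
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // basename() drops every directory component, so "../" sequences are gone.
    $name = basename(str_replace('\\', '/', $requested));
    // realpath() resolves symlinks and returns false when nothing exists there.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Reject anything that resolved to a location outside the base directory.
    return dirname($path) === $base ? $path : null;
}

// Extension to MIME type map; unknown extensions fall back to octet-stream.
$types = [
    'pdf' => 'application/pdf',
    'zip' => 'application/zip',
    'gif' => 'image/gif',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

$requested = $_GET['file'] ?? '';
$path = resolve_download(__DIR__ . '/files', is_string($requested) ? $requested : '');
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}

$ext   = strtolower(pathinfo($path, PATHINFO_EXTENSION));
$ctype = $types[$ext] ?? 'application/octet-stream';
$name  = str_replace('"', '', basename($path));   // keep the header value well-formed

header('Content-Type: ' . $ctype);
header('Content-Length: ' . filesize($path));     // local file, so stat() succeeds
header('Content-Disposition: attachment; filename="' . $name . '"');
readfile($path);
```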
Archived
This topic is now archived and is closed to further replies.