Directory Crawler

[dennismonsewicz]

I need a script that will "crawl" a directory and check to see if files exist and to print a 404 error page if someone tries to directly link to a file in the directory.

 

any ideas?

[Orio]

Well I am not really sure what you're asking for here... Do need to find if a certain file exists in a directory (and all of it's subdirectories) ?

 

Orio.

[dennismonsewicz]

Not really I already have a script running for the download once you are logged in.

 

What I am wanting is for when someone uploads a file, they can't just in the direct link to the file and download or see the file.

[Orio]

So either put the file outside of your public_html, or put it in a directory that has a .htaccess in it that says:

 

Deny from all

 

Then you could access these files via your php scripts and force download them.

 

Orio.

[dennismonsewicz]

so I could place the files in a folder outside of the public folder and still be able to force download them? what would the header() look like?

 

and I can't used .htaccess cause I am using IIS

[Orio]

If you want to force download a file, you'll need a few headers... Check this great force download script:

http://elouai.com/force-download.php

 

Of course you'll have to do some changes in there... In the end it should look like this I guess:

 

<?php

$base_dir = "/path/in/your/root/"; //The place you'll store the files

$filename = $_GET['file'];

//Add some validation here- Check if it's a valid file name

$file_extension = strtolower(substr(strrchr($filename,"."),1));

$filename = $base_dir . $filename;

if ( ! file_exists( $filename ) ) 
{
  echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>";
  exit;
};
switch( $file_extension )
{
  case "pdf": $ctype="application/pdf"; break;
  case "exe": $ctype="application/octet-stream"; break;
  case "zip": $ctype="application/zip"; break;
  case "doc": $ctype="application/msword"; break;
  case "xls": $ctype="application/vnd.ms-excel"; break;
  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
  case "gif": $ctype="image/gif"; break;
  case "png": $ctype="image/png"; break;
  case "jpeg":
  case "jpg": $ctype="image/jpg"; break;
  default: $ctype="application/force-download";
}
// required for IE, otherwise Content-disposition is ignored
if(ini_get('zlib.output_compression'))
  ini_set('zlib.output_compression', 'Off');
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers 
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile($filename);
exit();

?>

 

Don't forget adding security checks, that's very very important.

 

Orio.

[dennismonsewicz]

Thanks, I will have to try this tomorrow. I am leaving work now. Thanks for all the help!