1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Download a Text File with 'Onchange'?

Discussion in 'PHP' started by FPForum, Oct 12, 2013.

  1. #1
    Hey everyone..Need a little help here but I'm not really sure if this is possible..

    First off, I have a ListSelect which hold 5 items. The first item asks the user to select one of the items in the list. When the user selects one of the other items in the list I want it to prompt them with a download box to download that particular file. Problem is, all the files in the list are text files..Therefor, it just opens them in the browser instead of prompting them to download.

    Here is my current code which opens the newly selected item in the browser
    Code (Text):
    1.  
    2. onchange=\"window.location='$VARIABLE' + this.options[this.selectedIndex].value;\"
    3.  
    I've tried using the following code to prompt the user to download..but it doesn't work. I select an item and nothing happens.
    Code (Text):
    1.  
    2. onchange=\"<? header('Content-type: plain/text'); header('Content-Disposition: attachment; filename=''$VARIABLE' + this.options[this.selectedIndex].value''); readfile(''$VARIABLE' + this.options[this.selectedIndex].value'); ?>\"
    3.  
    Is it possible to prompt the user to download a text file using the onchange method?
    FPForum, Oct 12, 2013 IP
  2. PoPSiCLe

    PoPSiCLe Well-Known Member

    Messages:
    1,216
    Likes Received:
    108
    Best Answers:
    51
    Trophy Points:
    160
    #2
    Uhm... and this is a PHP-question how?... Javascript-forum is over there, mate *points*
    PoPSiCLe, Oct 12, 2013 IP
  3. hdewantara

    hdewantara Member

    Messages:
    258
    Likes Received:
    8
    Best Answers:
    6
    Trophy Points:
    43
    #3
    Separate it into parts. Basically to...

    html:
    onchange = 'location.href=download.php?file=' + this.options[this.selectedIndex].value;

    download.php:
    header('Content-type: plain/text');
    header('Content-Disposition: attachment');
    readfile($_GET['file']);

    Hendra
    Last edited: Oct 12, 2013
    hdewantara, Oct 12, 2013 IP
    FPForum likes this.
  4. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #4
    Hey hdewantara..Thanks for the response. I got that to work. Only problem now is that no matter which item you select in the list the file gets named download.php..I used the following code and was able to rename the download.php file to a download.txt file instead:

    in download.php
    Code (Text):
    1.  
    2. header('Content-Disposition: filename="download.txt"');
    3.  
    But, I don't want to name every file download.txt..Instead, I would like to name the file by the associated value in the list. So, I made the following changes:

    Code (Text):
    1.  
    2. onchange='window.location=\"download.php?filename=\"this.options[this.selectedIndex].value\".txt&file=$VARIABLE\" + this.options[this.selectedIndex].value;'
    3.  
    and now this is the last 2 lines of my download.php
    Code (Text):
    1.  
    2. header('Content-Disposition: filename='($_GET['filename'])'');
    3. readfile($_GET['file']);
    4.  
    However, it doesn't seam to work. Nothing happens when I select an item in the list again.

    Thanks again for your help!
    FPForum, Oct 12, 2013 IP
  5. hdewantara

    hdewantara Member

    Messages:
    258
    Likes Received:
    8
    Best Answers:
    6
    Trophy Points:
    43
    #5
    Code looks okay to me :)

    Except this one perhaps:
    header('Content-Disposition: attachment; filename="' . $_GET['filename'] . '"');

    Any (javascript/php) error messages?
    hdewantara, Oct 12, 2013 IP
  6. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #6
    Hey, thanks for getting back to me. I made the change you suggested but still nothing. No errors come up or error_logs being created. It just sits there any does nothing whenever I select an item in the list. I did clean the original line up a little as it looks like one or two things may not have been properly closed..But, still nothing

    Code (Text):
    1.  
    2. $output = "\r\n\t<select class=\"xxlarge\" size=\"1\" id=\"downloadList\" name=\"list1\" onchange=\"window.location=download.php?filename='this.options[this.selectedIndex].value'.txt&file='$VARIABLE' + this.options[this.selectedIndex].value;\"><option value=\"1\">Please select a day</option>";
    3.  
    FPForum, Oct 12, 2013 IP
  7. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #7
    Okay, just an update on this as I've made a little bit more progress. I now get the file to rename properly and prompt me to save. But, when I save and open the file I do have an error.

    Here is the new code
    Code (Text):
    1.  
    2. onchange=\"window.location='download.php?filename=fileDate' + this.options[this.selectedIndex].value;'&file=$VARIABLE' + this.options[this.selectedIndex].value;\"
    3.  
    Here is the error
    Code (Text):
    1.  
    2. <br />
    3. <b>Warning</b>:  readfile() [<a href='function.readfile'>function.readfile</a>]: Filename cannot be empty in <b>/home/username/public_html/folder/download.php</b> on line <b>4</b><br />
    4.  
    Finally, here is the download.php file
    Code (Text):
    1.  
    2. <?
    3. header('Content-type: plain/text');
    4. header('Content-Disposition: attachment; filename="' . $_GET['filename'] . '"');
    5. readfile($_GET['file']);
    6. ?>
    7.  
    FPForum, Oct 12, 2013 IP
  8. hdewantara

    hdewantara Member

    Messages:
    258
    Likes Received:
    8
    Best Answers:
    6
    Trophy Points:
    43
    #8
    Hmm,
    I think it's the onchange making problem:
    Code (Text):
    1. onchange=\"window.location='download.php?filename=fileDate' + this.options[this.selectedIndex].value;'&file=$VARIABLE' + this.options[this.selectedIndex].value;\"
    Could you paste how that code part is printed in your HTML page (not as PHP code) here?
    hdewantara, Oct 12, 2013 IP
    FPForum likes this.
  9. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #9
    That's what I was thinking as well..and I think it's particularly in the &file= part..
    This is what the URL should look like:
    Code (Text):
    1.  
    2. http://www.mydomain.com/download.php?filename=fileDate10-11-2013.txt&file=http://www.mydomain.com/folder/10-11-2013.txt
    3.  
    the fileDate text is just something I put in there to add some text before the selectedIndex value. It seamed that when I was trying to get just the value it wouldn't work..Then, adding some text before it and adding the + fixed that..However, I think the issue is in this region:
    '&file=$VARIABLE'

    The first part of the URL is in a single quote: 'download.php?filename=fileDate'
    Then we add the selected index which is not in a single quote
    Then we perform another single quote to try and continue the URL: '&file=$VARIABLE'
    and Then we add the selected index which is not in a single quote again

    Maybe this is part of this issue? Thanks again!!
    FPForum, Oct 12, 2013 IP
  10. hdewantara

    hdewantara Member

    Messages:
    258
    Likes Received:
    8
    Best Answers:
    6
    Trophy Points:
    43
    #10
    Aaa, you're very close then:)
    One missing 'plus' sign?

    onchange=\"window.location='download.php?filename=fileDate' + this.options[this.selectedIndex].value + '&file=$VARIABLE' + this.options[this.selectedIndex].value;\"
    hdewantara, Oct 12, 2013 IP
  11. nico_swd

    nico_swd Prominent Member

    Messages:
    4,119
    Likes Received:
    331
    Best Answers:
    17
    Trophy Points:
    325
    #11
    PHP:
    1.  
    2. readfile($_GET['file']);
    3.  
    ... remove this line NOW. Can you guess what happens when I go to download.php?file=/etc/passwd ?
    nico_swd, Oct 12, 2013 IP
  12. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #12
    @ hdewantara - thanks for that correction. I've put it in there, but for some reason I still get the same error as above coming from download.php..

    @nico_swd - I don't think that would really play a role here. The download file is not in a home directory and I don't know that trying to access such a file under a user account would even be allowed?
    FPForum, Oct 12, 2013 IP
  13. nico_swd

    nico_swd Prominent Member

    Messages:
    4,119
    Likes Received:
    331
    Best Answers:
    17
    Trophy Points:
    325
    #13
    I would still be able to download any file from your server. Such as config.php files etc... You should validate the extension, and make sure the file can't be outside a specific folder.
    nico_swd, Oct 12, 2013 IP
  14. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #14
    What would you recommend to validate the extension or lock it to a specific folder? I've tried to use the following code to lock it to a specific folder but it doesn't appear to work:
    Code (Text):
    1.  
    2. readfile($_GET['http://www.mydomainhere.com/folder/location/' + 'file']);
    3.  
    If this would work then I believe it would lock any download.php request to that file location, correct?
    FPForum, Oct 12, 2013 IP
  15. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #15
    Okay..think I finally got it now. Maybe you can look at this @nico_swd and tell me what you think..

    download.php
    Code (Text):
    1.  
    2. <?
    3. header('Content-Type: application/octet-stream');
    4. header('Content-Disposition: attachment; filename="' . $_GET['filename'] . '"');
    5. readfile('http://www.mydomain.com/folder/link/' . $_GET['file'] . '');
    6. ?>
    7.  
    FPForum, Oct 12, 2013 IP
  16. ThePHPMaster

    ThePHPMaster Active Member

    Messages:
    596
    Likes Received:
    30
    Best Answers:
    18
    Trophy Points:
    75
    #16
    I'll take it one step further and disable changing directories: $_GET['file'] = '../..differentlinkfolder'.

    PHP:
    1.  
    2. <?php
    3. // Use absolute link when downloading as opposed to relative links, unless its a CDN
    4. $file = 'folder/link/' . str_replace(array('/', '\\'), '', $_GET['file']);
    5. if (!file_exists($file)) {
    6.      die();
    7. }
    8.  
    9. header('Content-Type: application/octet-stream');
    10. header('Content-Disposition: attachment; filename="' . $_GET['file'] . '"');
    11. readfile($file);
    12. ?>
    13.  
    Last edited: Oct 13, 2013
    ThePHPMaster, Oct 13, 2013 IP
    FPForum likes this.
  17. deathshadow

    deathshadow Prominent Member

    Messages:
    5,976
    Likes Received:
    825
    Best Answers:
    144
    Trophy Points:
    395
    #17
    I have a question... why the blue blazes do people dick around with onchange on select and redirect BS to do an anchor (or series of anchors) with CSS' job?

    Likewise, the idiotic halfwit garbage of dicking around with trying to hide a static files location and using readfile... for *** sake just link the user to the file!
    deathshadow, Oct 14, 2013 IP
  18. FPForum

    FPForum Well-Known Member

    Messages:
    3,644
    Likes Received:
    74
    Best Answers:
    0
    Trophy Points:
    135
    Digital Goods:
    1
    #18
    For one, I myself don't want to do an anchor. Second of all, the purpose of hiding the static file locations and using the readfile method is because linking directly to a text file opens it in the browser and doesn't prompt you to download. You should know this and if you would have read all the posts maybe you would have.

    If you want to direct anchor to your files then that's your prerogative. Not all of us want to use this method. Welcome to the 21st century!
    FPForum, Oct 14, 2013 IP
  19. deathshadow

    deathshadow Prominent Member

    Messages:
    5,976
    Likes Received:
    825
    Best Answers:
    144
    Trophy Points:
    395
    #19
    Too simple? Too easy? Too useful to users?!? Gracefully degrades since it doesn't need any scripting asshattery?!? Lemme guess, it's just too little code to possibly work... :/

    .htaccess:
    Code (Text):
    1. AddType application/octet-stream .txt .doc .dot .otf .odt .rtf
    ... etc, etc, etc. If not on apache, most servers have ways of setting this without any goofy overhead.
    deathshadow, Oct 14, 2013 IP
  20. PoPSiCLe

    PoPSiCLe Well-Known Member

    Messages:
    1,216
    Likes Received:
    108
    Best Answers:
    51
    Trophy Points:
    160
    #20
    Provided he can alter or add a .htaccess file. Not all hosts allow this, and he might not have the opportunity to change hosts. Don't assume that people are free to do whatever they want to achieve a goal. Sometimes, you have to take the long road. However, if .htaccess is available, yes! By all means, yes!
    PoPSiCLe, Oct 15, 2013 IP