1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Download a Text File with 'Onchange'?

Discussion in 'PHP' started by FPForum, Oct 12, 2013.

  1. #1
    Hey everyone..Need a little help here but I'm not really sure if this is possible..

    First off, I have a ListSelect which hold 5 items. The first item asks the user to select one of the items in the list. When the user selects one of the other items in the list I want it to prompt them with a download box to download that particular file. Problem is, all the files in the list are text files..Therefor, it just opens them in the browser instead of prompting them to download.

    Here is my current code which opens the newly selected item in the browser
    
    onchange=\"window.location='$VARIABLE' + this.options[this.selectedIndex].value;\"
    
    Code (markup):
    I've tried using the following code to prompt the user to download..but it doesn't work. I select an item and nothing happens.
    
    onchange=\"<? header('Content-type: plain/text'); header('Content-Disposition: attachment; filename=''$VARIABLE' + this.options[this.selectedIndex].value''); readfile(''$VARIABLE' + this.options[this.selectedIndex].value'); ?>\"
    
    Code (markup):
    Is it possible to prompt the user to download a text file using the onchange method?
     
    FPForum, Oct 12, 2013 IP
  2. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #2
    Uhm... and this is a PHP-question how?... Javascript-forum is over there, mate *points*
     
    PoPSiCLe, Oct 12, 2013 IP
  3. hdewantara

    hdewantara Well-Known Member

    Messages:
    536
    Likes Received:
    47
    Best Answers:
    25
    Trophy Points:
    155
    #3
    Separate it into parts. Basically to...

    html:
    onchange = 'location.href=download.php?file=' + this.options[this.selectedIndex].value;

    download.php:
    header('Content-type: plain/text');
    header('Content-Disposition: attachment');
    readfile($_GET['file']);

    Hendra
     
    Last edited: Oct 12, 2013
    hdewantara, Oct 12, 2013 IP
    FPForum likes this.
  4. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #4
    Hey hdewantara..Thanks for the response. I got that to work. Only problem now is that no matter which item you select in the list the file gets named download.php..I used the following code and was able to rename the download.php file to a download.txt file instead:

    in download.php
    
    header('Content-Disposition: filename="download.txt"');
    
    Code (markup):
    But, I don't want to name every file download.txt..Instead, I would like to name the file by the associated value in the list. So, I made the following changes:

    
    onchange='window.location=\"download.php?filename=\"this.options[this.selectedIndex].value\".txt&file=$VARIABLE\" + this.options[this.selectedIndex].value;'
    
    Code (markup):
    and now this is the last 2 lines of my download.php
    
    header('Content-Disposition: filename='($_GET['filename'])'');
    readfile($_GET['file']);
    
    Code (markup):
    However, it doesn't seam to work. Nothing happens when I select an item in the list again.

    Thanks again for your help!
     
    FPForum, Oct 12, 2013 IP
  5. hdewantara

    hdewantara Well-Known Member

    Messages:
    536
    Likes Received:
    47
    Best Answers:
    25
    Trophy Points:
    155
    #5
    Code looks okay to me :)

    Except this one perhaps:
    header('Content-Disposition: attachment; filename="' . $_GET['filename'] . '"');

    Any (javascript/php) error messages?
     
    hdewantara, Oct 12, 2013 IP
  6. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #6
    Hey, thanks for getting back to me. I made the change you suggested but still nothing. No errors come up or error_logs being created. It just sits there any does nothing whenever I select an item in the list. I did clean the original line up a little as it looks like one or two things may not have been properly closed..But, still nothing

    
    $output = "\r\n\t<select class=\"xxlarge\" size=\"1\" id=\"downloadList\" name=\"list1\" onchange=\"window.location=download.php?filename='this.options[this.selectedIndex].value'.txt&file='$VARIABLE' + this.options[this.selectedIndex].value;\"><option value=\"1\">Please select a day</option>";
    
    Code (markup):
     
    FPForum, Oct 12, 2013 IP
  7. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #7
    Okay, just an update on this as I've made a little bit more progress. I now get the file to rename properly and prompt me to save. But, when I save and open the file I do have an error.

    Here is the new code
    
    onchange=\"window.location='download.php?filename=fileDate' + this.options[this.selectedIndex].value;'&file=$VARIABLE' + this.options[this.selectedIndex].value;\"
    
    Code (markup):
    Here is the error
    
    <br />
    <b>Warning</b>:  readfile() [<a href='function.readfile'>function.readfile</a>]: Filename cannot be empty in <b>/home/username/public_html/folder/download.php</b> on line <b>4</b><br />
    
    Code (markup):
    Finally, here is the download.php file
    
    <?
    header('Content-type: plain/text');
    header('Content-Disposition: attachment; filename="' . $_GET['filename'] . '"');
    readfile($_GET['file']);
    ?>
    
    Code (markup):
     
    FPForum, Oct 12, 2013 IP
  8. hdewantara

    hdewantara Well-Known Member

    Messages:
    536
    Likes Received:
    47
    Best Answers:
    25
    Trophy Points:
    155
    #8
    Hmm,
    I think it's the onchange making problem:
    onchange=\"window.location='download.php?filename=fileDate' + this.options[this.selectedIndex].value;'&file=$VARIABLE' + this.options[this.selectedIndex].value;\"
    Code (markup):
    Could you paste how that code part is printed in your HTML page (not as PHP code) here?
     
    hdewantara, Oct 12, 2013 IP
    FPForum likes this.
  9. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #9
    That's what I was thinking as well..and I think it's particularly in the &file= part..
    This is what the URL should look like:
    
    http://www.mydomain.com/download.php?filename=fileDate10-11-2013.txt&file=http://www.mydomain.com/folder/10-11-2013.txt
    
    Code (markup):
    the fileDate text is just something I put in there to add some text before the selectedIndex value. It seamed that when I was trying to get just the value it wouldn't work..Then, adding some text before it and adding the + fixed that..However, I think the issue is in this region:
    '&file=$VARIABLE'

    The first part of the URL is in a single quote: 'download.php?filename=fileDate'
    Then we add the selected index which is not in a single quote
    Then we perform another single quote to try and continue the URL: '&file=$VARIABLE'
    and Then we add the selected index which is not in a single quote again

    Maybe this is part of this issue? Thanks again!!
     
    FPForum, Oct 12, 2013 IP
  10. hdewantara

    hdewantara Well-Known Member

    Messages:
    536
    Likes Received:
    47
    Best Answers:
    25
    Trophy Points:
    155
    #10
    Aaa, you're very close then:)
    One missing 'plus' sign?

    onchange=\"window.location='download.php?filename=fileDate' + this.options[this.selectedIndex].value + '&file=$VARIABLE' + this.options[this.selectedIndex].value;\"
     
    hdewantara, Oct 12, 2013 IP
  11. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #11
    
    readfile($_GET['file']);
    
    PHP:
    ... remove this line NOW. Can you guess what happens when I go to download.php?file=/etc/passwd ?
     
    nico_swd, Oct 12, 2013 IP
  12. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #12
    @ hdewantara - thanks for that correction. I've put it in there, but for some reason I still get the same error as above coming from download.php..

    @nico_swd - I don't think that would really play a role here. The download file is not in a home directory and I don't know that trying to access such a file under a user account would even be allowed?
     
    FPForum, Oct 12, 2013 IP
  13. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #13
    I would still be able to download any file from your server. Such as config.php files etc... You should validate the extension, and make sure the file can't be outside a specific folder.
     
    nico_swd, Oct 12, 2013 IP
  14. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #14
    What would you recommend to validate the extension or lock it to a specific folder? I've tried to use the following code to lock it to a specific folder but it doesn't appear to work:
    
    readfile($_GET['http://www.mydomainhere.com/folder/location/' + 'file']);
    
    Code (markup):
    If this would work then I believe it would lock any download.php request to that file location, correct?
     
    FPForum, Oct 12, 2013 IP
  15. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #15
    Okay..think I finally got it now. Maybe you can look at this @nico_swd and tell me what you think..

    download.php
    
    <?
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $_GET['filename'] . '"');
    readfile('http://www.mydomain.com/folder/link/' . $_GET['file'] . '');
    ?>
    
    Code (markup):
     
    FPForum, Oct 12, 2013 IP
  16. ThePHPMaster

    ThePHPMaster Well-Known Member

    Messages:
    737
    Likes Received:
    52
    Best Answers:
    33
    Trophy Points:
    150
    #16
    I'll take it one step further and disable changing directories: $_GET['file'] = '../..differentlinkfolder'.

    
    <?php
    // Use absolute link when downloading as opposed to relative links, unless its a CDN
    $file = 'folder/link/' . str_replace(array('/', '\\'), '', $_GET['file']);
    if (!file_exists($file)) {
         die();
    }
    
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $_GET['file'] . '"');
    readfile($file);
    ?>
    
    PHP:
     
    Last edited: Oct 13, 2013
    ThePHPMaster, Oct 13, 2013 IP
    FPForum likes this.
  17. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,998
    Best Answers:
    253
    Trophy Points:
    515
    #17
    I have a question... why the blue blazes do people dick around with onchange on select and redirect BS to do an anchor (or series of anchors) with CSS' job?

    Likewise, the idiotic halfwit garbage of dicking around with trying to hide a static files location and using readfile... for *** sake just link the user to the file!
     
    deathshadow, Oct 14, 2013 IP
  18. FPForum

    FPForum Notable Member

    Messages:
    4,171
    Likes Received:
    102
    Best Answers:
    0
    Trophy Points:
    225
    Digital Goods:
    2
    #18
    For one, I myself don't want to do an anchor. Second of all, the purpose of hiding the static file locations and using the readfile method is because linking directly to a text file opens it in the browser and doesn't prompt you to download. You should know this and if you would have read all the posts maybe you would have.

    If you want to direct anchor to your files then that's your prerogative. Not all of us want to use this method. Welcome to the 21st century!
     
    FPForum, Oct 14, 2013 IP
  19. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,998
    Best Answers:
    253
    Trophy Points:
    515
    #19
    Too simple? Too easy? Too useful to users?!? Gracefully degrades since it doesn't need any scripting asshattery?!? Lemme guess, it's just too little code to possibly work... :/

    .htaccess:
    AddType application/octet-stream .txt .doc .dot .otf .odt .rtf
    Code (markup):
    ... etc, etc, etc. If not on apache, most servers have ways of setting this without any goofy overhead.
     
    deathshadow, Oct 14, 2013 IP
  20. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #20
    Provided he can alter or add a .htaccess file. Not all hosts allow this, and he might not have the opportunity to change hosts. Don't assume that people are free to do whatever they want to achieve a goal. Sometimes, you have to take the long road. However, if .htaccess is available, yes! By all means, yes!
     
    PoPSiCLe, Oct 15, 2013 IP