force download

Discussion in 'PHP' started by davidcarlson, Oct 26, 2008.

0
  1. #1
    I'm putting a page on my website to allow downloading of files with formats such as pdf, jpg, etc.


    I use a link in the html page: <a href="download.php?file=picture.jpg"> ... </a>

    the file "download.php" looks like this:

    <?php
    echo "Hello";
    $file = $_GET['file'];
    header (“Content-type: octet/stream”);
    header (“Content-disposition: attachment; filename=”.$file.“;”);
    header(“Content-Length: ”.filesize($file));
    readfile($file);
    exit;

    ?>

    The link doesn't work, however. The link opens a blank page with the correct address in the address bar. There is no "page not found" message, so the php file is correctly uploaded to my website, but no file download prompt appears. I inserted the second line (echo "Hello") to see if any of the php script worked, and it doesn't. There's no "hello" message, and no file download. Am I missing something from the php page? I tried enclosing it in <html> and <body> tags, but it still didn't work. Any advice would be appreciated.
     
    davidcarlson, Oct 26, 2008 IP
  2. logylaps

    logylaps Active Member

    Messages:
    761
    Likes Received:
    25
    Best Answers:
    0
    Trophy Points:
    85
    #2
    Try removing
    Also, DO NOT USE THIS SCRIPT!!! it is a MAJOR security hole. Anyone could hack your entire server with this.
     
    logylaps, Oct 26, 2008 IP
  3. ads2help

    ads2help Peon

    Messages:
    2,142
    Likes Received:
    67
    Best Answers:
    1
    Trophy Points:
    0
    #3 
    
<?php
ob_start();
echo "Hello";
$file = $_GET['file'];
header ("Content-type: octet/stream");
header ("Content-disposition: attachment; filename=".$file.";");
header("Content-Length: ".filesize($file));
readfile($file);
exit;
?>
    PHP:
    There should not be any output (even whitespace) before header() function.
    In the script u output a hello so it doesn't work.
    Use ob_start() just after <?php can overcome that. try using it?
     
    ads2help, Oct 26, 2008 IP
  4. joebert

    joebert Well-Known Member

    Messages:
    2,150
    Likes Received:
    88
    Best Answers:
    0
    Trophy Points:
    145
    #4
    This is straight out of the last script I worked on with the only change being I didn't include a type-setting function I have in use which is irrelevant to this code.

    HTH

    	$downloading = $_GET['downloading'];
	
	if(preg_match('#^[0-9a-f]{32}$#i', $downloading))
	{
		$wallpaper_file	= "$wallpapers_path/$downloading.jpg";
		
		header('Pragma: public');
		header('Expires: 0');
		header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
		header("Content-Type: application/force-download");
		header("Content-Type: application/octet-stream");
		header("Content-Type: application/download");
		header('Content-Disposition: attachment; filename="iPhone-Wallpaper.jpg";');
		header('Content-Length: ' . filesize($wallpaper_file));
		flush();// Get the headers out there early so the browser can get to work

		@set_time_limit(0);
		@readfile($wallpaper_file);
		flush();
		exit;
	}
	unset($downloading);
    Code (markup):
     
    joebert, Oct 26, 2008 IP
  5. davidcarlson

    davidcarlson Guest

    Messages:
    40
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    thanks everyone for your help, I'm going to do more research on php language and security issues before I try using php.
     
    davidcarlson, Oct 27, 2008 IP