J_K9 wrote:
Curt Zirzow wrote:
On Tue, Feb 14, 2006 at 09:02:50PM +0000, J_K9 wrote:
Hi,
I'm currently learning PHP, and I'd like to put it into practice to
help me learn. I want to make a download script so that if the value
of a certain variable is '1', the first download is selected, if it's
'2', the second is selected, and so on... But, all the time, the
download source's URI is not revealed.
As I was saying, I have a vague idea of how to do it - but I know
it's wrong. With the help of some others, I've managed to come up
with this:
|-----------------------
||<?php
if(!empty($_GET['file_id'])) {
switch ($_GET['file_id']) {
case 0:
echo "Please specify a file ID";
case 1:
header("Location: ./hidden--files/downloadme.zip");
break;
...
This is a method is rather known as 'security by obscurity'. If you
want to use this method instead of doing some sort of
authentication system, you need to make your file_id's more obscure
by using a more randomized value instead of 1,2,3...
Curt.
Hi,
It is security through obscurity, but I thought it is a technique I
should learn in case I would like to implement something similar in the
future. The reason I am not coding an authentication system is because I
have only just begun PHP, so am going for simple stuff. ;)
The file_id's were just examples as well - to keep what I meant simple.
How can I make that code work though? Is there another function I should
be using to pass up the file as a download to the user, or is this just
not possible?
Thanks,
J_K9
Set the stream to download and use readfile.
// Path to your file
$path = "./hidden--files/downloadme.zip";
// fix for IE catching or PHP bug issue
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0,
pre-check=0");
// browser must download file from server instead of cache
// force download dialog
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
// use the Content-Disposition header to supply a
// recommended filename and
// force the browser to display the save dialog.
header("Content-Disposition: attachment; filename=".$path.";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));
readfile($path);
have phun!
Barry
--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php