Re: Routing downloads through PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



J_K9 wrote:
Curt Zirzow wrote:

On Tue, Feb 14, 2006 at 09:02:50PM +0000, J_K9 wrote:

Hi,

I'm currently learning PHP, and I'd like to put it into practice to help me learn. I want to make a download script so that if the value of a certain variable is '1', the first download is selected, if it's '2', the second is selected, and so on... But, all the time, the download source's URI is not revealed.

As I was saying, I have a vague idea of how to do it - but I know it's wrong. With the help of some others, I've managed to come up with this:

|-----------------------
||<?php

if(!empty($_GET['file_id'])) {
      switch ($_GET['file_id']) {
   case 0:
      echo "Please specify a file ID";
   case 1:
      header("Location: ./hidden--files/downloadme.zip");
      break;
...


This is a method is rather known as 'security by obscurity'. If you
want to use this method instead of doing some sort of
authentication system, you need to make your file_id's more obscure
by using a more randomized value instead of 1,2,3...
Curt.


Hi,

It is security through obscurity, but I thought it is a technique I should learn in case I would like to implement something similar in the future. The reason I am not coding an authentication system is because I have only just begun PHP, so am going for simple stuff. ;)

The file_id's were just examples as well - to keep what I meant simple.

How can I make that code work though? Is there another function I should be using to pass up the file as a download to the user, or is this just not possible?

Thanks,

J_K9

Set the stream to download and use readfile.

// Path to your file
$path = "./hidden--files/downloadme.zip";

// fix for IE catching or PHP bug issue
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0,
	pre-check=0");
// browser must download file from server instead of cache

// force download dialog
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");

// use the Content-Disposition header to supply a
// recommended filename and
// force the browser to display the save dialog.
header("Content-Disposition: attachment; filename=".$path.";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));

readfile($path);

have phun!

Barry

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux