Barry wrote:
J_K9 wrote:
Curt Zirzow wrote:
On Tue, Feb 14, 2006 at 09:02:50PM +0000, J_K9 wrote:
Hi,
I'm currently learning PHP, and I'd like to put it into practice to
help me learn. I want to make a download script so that if the value
of a certain variable is '1', the first download is selected, if
it's '2', the second is selected, and so on... But, all the time,
the download source's URI is not revealed.
As I was saying, I have a vague idea of how to do it - but I know
it's wrong. With the help of some others, I've managed to come up
with this:
|-----------------------
||<?php
if(!empty($_GET['file_id'])) {
switch ($_GET['file_id']) {
case 0:
echo "Please specify a file ID";
case 1:
header("Location: ./hidden--files/downloadme.zip");
break;
...
This is a method is rather known as 'security by obscurity'. If you
want to use this method instead of doing some sort of
authentication system, you need to make your file_id's more obscure
by using a more randomized value instead of 1,2,3...
Curt.
Hi,
It is security through obscurity, but I thought it is a technique I
should learn in case I would like to implement something similar in
the future. The reason I am not coding an authentication system is
because I have only just begun PHP, so am going for simple stuff. ;)
The file_id's were just examples as well - to keep what I meant simple.
How can I make that code work though? Is there another function I
should be using to pass up the file as a download to the user, or is
this just not possible?
Thanks,
J_K9
Set the stream to download and use readfile.
// Path to your file
$path = "./hidden--files/downloadme.zip";
// fix for IE catching or PHP bug issue
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0,
pre-check=0");
// browser must download file from server instead of cache
// force download dialog
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
// use the Content-Disposition header to supply a
// recommended filename and
// force the browser to display the save dialog.
header("Content-Disposition: attachment; filename=".$path.";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));
readfile($path);
have phun!
Barry
Hi,
I tried out the code - I get more warnings about not being able to
modify header information (I get one for each mention of header() in the
code), and then beneath the warnings there are lines and lines of
extended ASCII.
^^ That's because the force-download header isn't working, and therefore
the .zip is being written to the output stream, right?
I wonder why it's telling me that I cannot modify header information. Is
there anything we've left out, or something like that? It isn't a
browser issue, because I've tried it in both Firefox and IE...
Thanks,
J_K9
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
