Re: Routing downloads through PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Barry wrote:
J_K9 wrote:
Curt Zirzow wrote:

On Tue, Feb 14, 2006 at 09:02:50PM +0000, J_K9 wrote:

Hi,

I'm currently learning PHP, and I'd like to put it into practice to help me learn. I want to make a download script so that if the value of a certain variable is '1', the first download is selected, if it's '2', the second is selected, and so on... But, all the time, the download source's URI is not revealed.

As I was saying, I have a vague idea of how to do it - but I know it's wrong. With the help of some others, I've managed to come up with this:

|-----------------------
||<?php

if(!empty($_GET['file_id'])) {
      switch ($_GET['file_id']) {
   case 0:
      echo "Please specify a file ID";
   case 1:
      header("Location: ./hidden--files/downloadme.zip");
      break;
...


This is a method is rather known as 'security by obscurity'. If you
want to use this method instead of doing some sort of
authentication system, you need to make your file_id's more obscure
by using a more randomized value instead of 1,2,3...
Curt.


Hi,

It is security through obscurity, but I thought it is a technique I should learn in case I would like to implement something similar in the future. The reason I am not coding an authentication system is because I have only just begun PHP, so am going for simple stuff. ;)

The file_id's were just examples as well - to keep what I meant simple.

How can I make that code work though? Is there another function I should be using to pass up the file as a download to the user, or is this just not possible?

Thanks,

J_K9

Set the stream to download and use readfile.

// Path to your file
$path = "./hidden--files/downloadme.zip";

// fix for IE catching or PHP bug issue
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0,
    pre-check=0");
// browser must download file from server instead of cache

// force download dialog
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");

// use the Content-Disposition header to supply a
// recommended filename and
// force the browser to display the save dialog.
header("Content-Disposition: attachment; filename=".$path.";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));

readfile($path);

have phun!

Barry


Hi,

I tried out the code - I get more warnings about not being able to modify header information (I get one for each mention of header() in the code), and then beneath the warnings there are lines and lines of extended ASCII.

^^ That's because the force-download header isn't working, and therefore the .zip is being written to the output stream, right?

I wonder why it's telling me that I cannot modify header information. Is there anything we've left out, or something like that? It isn't a browser issue, because I've tried it in both Firefox and IE...

Thanks,

J_K9

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux