Re: implementing downloads with php?

On 3-4-2015 11:18, Tim Streater wrote:
On 02 Apr 2015 at 22:51, Jeffry Killen <jekillen@xxxxxxxxxxx> wrote:

This is new territory for me and maybe a bit off topic but
I am interested in finding out how to implement a downloading
mechanism with php and without using ftp (if possible).

I think you want something like this:

<?php

// This file could be called mydownloader.php

$file = $_POST['filename'];

For anyone that would like to use this code in a live setting, PLEASE make sure to ALWAYS sanitize/validate this value first. Leaving it like this makes your script prone to VERY dangerous attacks. Imagine for instance that someone were to send /var/www/cms/conf/config.inc.php as the filename, and that that path would lead to the configuration file which contains your admin username/password and various other data that you do not want anyone to be able to access. The code below would not stop that at all...

Be really careful with these things. It's better to keep a whitelist of what files/directories a person is allowed to download from, than to blacklist (i.e. disallow only from some).


header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize ($file));

ob_clean ();
flush ();
readfile ($file);

?>


In my case, after validating the user's choices, I have this form in a webpage:


<form action="mydownloader.php" method="post">

<input name="filename" value='/path/to/file' type=hidden>

<p style="padding-top: 2em; padding-bottom: 2em;"><input type="submit" value="Download"></p>

</form>


You'll have to construct the value field, of course.

--
Cheers  --  Tim


- Tul
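
The whitelist approach recommended above, as an added example that is not part of the original thread: the requested path is canonicalised and served only if it lies inside an allowed directory. The function name resolve_download() and the directories in DOWNLOAD_DIRS are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. DOWNLOAD_DIRS is an assumed
// allowlist; replace it with the directories you actually serve from.
const DOWNLOAD_DIRS = ['/srv/downloads/public', '/srv/downloads/manuals'];

/**
 * Return the canonical path of $requested if it is a regular file inside
 * one of $allowedDirs, or null otherwise. (Hypothetical helper.)
 */
function resolve_download(string $requested, array $allowedDirs): ?string
{
    // Empty values and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and resolves symlinks, so the check below
    // sees the file that would really be read. It returns false if missing.
    $real = realpath($requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        if ($base === false) {
            continue; // allowlisted directory does not exist on this host
        }
        // Compare against "dir/" so that /srv/downloads/public-old does not
        // pass as being inside /srv/downloads/public.
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

if (PHP_SAPI !== 'cli') {
    $req  = $_POST['filename'] ?? null;
    $file = is_string($req) ? resolve_download($req, DOWNLOAD_DIRS) : null;
    if ($file === null) {
        http_response_code(404); // same answer for "missing" and "not allowed"
        exit('File not found.');
    }
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($file));
    readfile($file);
}
```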



--
PHP General Mailing List (http://www.php.net/)