Forced Download

mortisimus · 09-19-2007, 02:52 PM

This script will get the file name from a url, it will assume that all files to be downloaded are on the same level as the download file, e.g:

Where to place the download file:
downloads/
download.php
[all other files]

File Linkage:
If you want to link to the file, use this sort of html code:

Code:

<a href="download.php?file=foo.html">Download</a>

In the example above the folder format would be:
/
file-linking-to-download.html
/downloads/
download.php
foo.html

Wildhoney · 09-19-2007, 03:01 PM

Thanks a lot for being kind enough to release this script for free! It'll come in use for many people, I'm sure.

reborn · 12-20-2007, 10:21 PM

Thanks. Will need this in near future.

mortisimus · 12-25-2007, 06:33 PM

no probs...

sjaq · 12-25-2007, 08:23 PM

This script is really insecure, you can just say ?file=../../../../etc/passwd or something like that, for it to be safe you need to replace this line:

PHP Code:


			
$file = $_GET['file'];

with:

PHP Code:


			
$file = str_replace('/', $_GET['file']);

And why do you pass the same argument twice into the _Download function?

PHP Code:


			
_Download($file, $file);

reborn · 12-26-2007, 05:14 PM

Quote:

Originally Posted by sjaq

And why do you pass the same argument twice into the _Download function?

PHP Code:


			
_Download($file, $file);

The first argument is the files location and filename and the second argument is the filename, wich is the same if the file and the script is in the same location.

Wildhoney · 12-26-2007, 06:02 PM

php Code:

function _Download($file, $file)
{
    echo 'File 1: ' . $file . "\r\n";
    echo 'File 2: ' . $file;
}

echo _Download('Test1', 'Test2');

Result:

Quote:

File 1: Test2
File 2: Test2

I think that's what sjaq is trying to point out. Both $file variables, because they're named the same, will have the result of the last argument set to $file. Which in my case was Test2.

reborn · 12-26-2007, 07:09 PM

The _Download() function is declared with the first argument $f_location and the second argument $f_name (if you have read the source).

Edwin · 01-06-2008, 11:59 PM

how can i qet this script to work?

Wildhoney · 01-07-2008, 12:41 AM

What you having problems with exactly, Edwin? I'm guessing it's not a technical issue, but rather a general how to get it working?

Place your file (myFile.zip) in the downloads directory, and then link to the file like so:

html4strict Code:

<a href="download.php?file=downloads/myFile.zip">Download</a>

Andrew · 01-07-2008, 01:58 AM

I was actually saying to myself the other day, I needed to find a script like this. Thanks a lot! I'll have to modify it a bit of course to fit my needs, but I never knew what headers to use. Thanks!

Edwin · 01-07-2008, 03:03 AM

thanx wildhoney

Wildhoney · 01-07-2008, 03:18 AM

Pleasure Edwin

! Are you much of a programmer yourself? Or planning to at least get into it?

Edwin · 01-07-2008, 03:23 AM

no im planninq to qet into it i know some php but not much.

Wildhoney · 01-17-2008, 03:57 AM

It is a shame

Would have been nice to have seen you round here more often! Nonetheless, best of luck with the project you're using this script for. Take it easy.

sketchMedia · 01-17-2008, 11:54 AM

i still dont get why you have 2 parameters in _Download, if both args take the same value (i.e. $_GET['file'] ) then whats the point, as far as i can see nothing changes the values of the parameters within the function so wouldnt this do the same:

PHP Code:


			
function _Download($file)
{
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($file));
    header('Content-Disposition: attachment; filename=' . basename($file));
    readfile($file);
}

looks like a waste of memory to me, note: i havnt tested it im at work and i cba.
and yes sjaq is correct, you will need some form of filtering for $_GET too otherwise anything could be inputted.

Other than that, good job.

Wildhoney · 01-17-2008, 12:38 PM

You are right, sketch. There is absolutely no need for the 2 functions because they'll go through as the same value anyway, and so if you wanted to clone the variable from within the function, you could do. And so the second argument is utterly pointless.

php Code:

function _Download($file)
{
    $file2 = $file;
    /* ... */
}