Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   StatisticsStatistics   RegisterRegister 
 ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin (SSL) 

Server Help | ASSS Wiki (0) | Shanky.com
[PHP] Download file from non-web directory

 
Post new topic   Reply to topic Printable version
 View previous topic  suggestions - need a program? Post :: Post [PHP] Colored SVN Diffs  View next topic  
Author Message
BDwinsAlt
Agurus's Posse


Age:33
Gender:Gender:Male
Joined: Jun 16 2003
Posts: 1145
Location: Alabama
Offline

PostPosted: Sat Feb 24, 2007 1:47 am    Post subject: [PHP] Download file from non-web directory Reply to topic Reply with quote

Is there anyway to get a file to download from a different directory on the server.
I can make it read a text file from another directory. I want it to let people download from there as well, if they have the proper authentication (already set up).

Webpath = /var/www
DLpath = /var/downloads

I need someone in Webpath to be able to download from DLpath.
Any ideas?

Here is an example of the auth module I used, point out any useful tips if you want.

Code: Show/Hide

<?php

$valid_passwords = array ("user1" => "pass1", "user2" => "pass2");
$valid_users = array_keys($valid_passwords);

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

if (!$validated) {
  header('WWW-Authenticate: Basic realm="My Realm"');
  header('HTTP/1.0 401 Unauthorized');
  die ("Authentication is required to gain access to this area.  All attempts are logged.");
}

// If arrives here, is a valid user.
echo "<p><font color=#009900>Welcome $user.</font></p>";
echo "<p><font color=#000099>You have full access to the server list.</font></p>";
$lines = file('/var/gallery/servers.txt');
// Loop through our array, show HTML source as HTML source; and line numbers too.
foreach ($lines as $line_num => $line) {
   $line_number = $line_num + 1;
   echo "Server {$line_number} : " . htmlspecialchars($line) . "\n<br />";
}
?>
Back to top
View users profile Send private message Add User to Ignore List Send email Visit posters website AIM Address Yahoo Messenger MSN Messenger
Cerium
Server Help Squatter


Age:41
Gender:Gender:Male
Joined: Mar 05 2005
Posts: 807
Location: I will stab you.
Offline

PostPosted: Sat Feb 24, 2007 3:18 am    Post subject: Reply to topic Reply with quote

What you would want to do is manually send the response headers with the content of the file you want to send...

This is an example ripped directly from my php-based playlist builder, so you may want to change a few of the values based on the type of file you'll be sending...

Code: Show/Hide
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
      header("Content-Description: File Transfer");
      header("Content-Type: application/vnd.ms-wpl");
      header("Content-Length: " . filesize($strFile));
      header("Content-Disposition: attachment; filename=\"playlist.wpl\"");


At this point, you just dump the file contents directly to the output stream (via print/echo/etc).

Code: Show/Hide
print(file_get_contents($strFile));



And viola. The user never sees the actual location of the file (and thus, does not need direct access to it) and you can authenticate the user prior to sending.
_________________
There are 7 user(s) ignoring me right now.
Back to top
View users profile Send private message Add User to Ignore List AIM Address
Mine GO BOOM
Hunch Hunch
What What
Hunch Hunch<br>What What


Age:40
Gender:Gender:Male
Joined: Aug 01 2002
Posts: 3614
Location: Las Vegas
Offline

PostPosted: Sat Feb 24, 2007 6:07 am    Post subject: Reply to topic Reply with quote

Please note that the above method is generally a huge cause for security concern. People will attempt to send '..' and '/' into your script to try and load /etc/passwd or other critical files. Generally the best way to prevent this is to have a database so the user sends an ID of the file, which your script looks up and links to the correct file.
Back to top
View users profile Send private message Add User to Ignore List Send email
BDwinsAlt
Agurus's Posse


Age:33
Gender:Gender:Male
Joined: Jun 16 2003
Posts: 1145
Location: Alabama
Offline

PostPosted: Sat Feb 24, 2007 11:54 am    Post subject: Reply to topic Reply with quote

Oh ok. I see what you're saying. Thanks SO much. You guys rock.

EDIT: The only thing is after this is sent it won't display my echos and stuff. How might I fix that?
Back to top
View users profile Send private message Add User to Ignore List Send email Visit posters website AIM Address Yahoo Messenger MSN Messenger
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.


Age:36
Gender:Gender:Male
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline

PostPosted: Sat Feb 24, 2007 12:17 pm    Post subject: Reply to topic Reply with quote

You... do realise that after
Code: Show/Hide
header("Content-...: .../...");
you're not actually displaying content in the browser anymore, right?
Everything you echo after this will be interpreted by the browser as content of the file it's retrieving...
You should just
Code: Show/Hide
exit;
Back to top
View users profile Send private message Add User to Ignore List
BDwinsAlt
Agurus's Posse


Age:33
Gender:Gender:Male
Joined: Jun 16 2003
Posts: 1145
Location: Alabama
Offline

PostPosted: Sat Feb 24, 2007 1:58 pm    Post subject: Reply to topic Reply with quote

Ohhhhh thanks solo. I've never really worked too much with headers. icon_biggrin.gif
Back to top
View users profile Send private message Add User to Ignore List Send email Visit posters website AIM Address Yahoo Messenger MSN Messenger
Solo Ace
Yeah, I'm in touch with reality...we correspond from time to time.


Age:36
Gender:Gender:Male
Joined: Feb 06 2004
Posts: 2583
Location: The Netherlands
Offline

PostPosted: Sat Feb 24, 2007 2:14 pm    Post subject: Reply to topic Reply with quote

The headers tell the browser what kind of data it's supposed to expect. It's like "I'm going to send you a x-type file".
The browser expects everything after the full header to be the content of that file.
So, if you're going to echo stuff to the browser, the browser will interpret that as content of that file.
It's up to the browser if it wants to/can display the contents of the file.
Back to top
View users profile Send private message Add User to Ignore List
marky
Guest


Offline

PostPosted: Wed Jul 25, 2007 3:30 am    Post subject: changing password by user Reply to topic Reply with quote

how to allow to user to change his password ang login? is it possible in this code?
Back to top
BDwinsAlt
Agurus's Posse


Age:33
Gender:Gender:Male
Joined: Jun 16 2003
Posts: 1145
Location: Alabama
Offline

PostPosted: Wed Jul 25, 2007 5:46 pm    Post subject: Reply to topic Reply with quote

I made the script use mysql for authentication. Google it and you can add it.
Back to top
View users profile Send private message Add User to Ignore List Send email Visit posters website AIM Address Yahoo Messenger MSN Messenger
CypherJF
I gargle nitroglycerin


Gender:Gender:Male
Joined: Aug 14 2003
Posts: 2582
Location: USA
Offline

PostPosted: Wed Jul 25, 2007 7:17 pm    Post subject: Reply to topic Reply with quote

I'm disappointed, you used the echo quote, quote syntax:
Code: Show/Hide
echo "...";

You should use single quotes if there is no reason for back-replacement in the string.
Code: Show/Hide
echo '...';
It also makes your life easier for including HTML, which can allow for valid website markup.
_________________
Performance is often the art of cheating carefully. - James Gosling
Back to top
View users profile Send private message Add User to Ignore List
Display posts from previous:   
Post new topic   Reply to topic    Server Help Forum Index -> Non-Subspace Related Coding All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
View online users | View Statistics | View Ignored List


Software by php BB © php BB Group
Server Load: 664 page(s) served in previous 5 minutes.

phpBB Created this page in 0.506670 seconds : 35 queries executed (74.3%): GZIP compression disabled