Help - Search - Members - Calendar
Full Version: HTML FTP DOWNLOAD
Hostony Board > General Support > Suggestions
ifprod
On my website, I currently have links to various video files that play in an online screening room. Due to the large file size, I want to have a download button next to each video link.

What code do I use so that when someone clicks on the download button it automatically brings up the Save Dialog Box instead of a new window? I think I have to store a copy of the video in the FTP folder and direct the link toward this.

Any one know the proper way to do this. Much appreciated.

Thank you.
Alexandre
You shlould put these files to public_html/... folder.
BTW we'll have to suspend your account if it cause server's load wink.gif
MartinB
I think i have understanded your needs, you want a link to a file so if the file is associated with some windows app, you want not the knowns files be auto-opened with the associated app into the browser(like MSOffice Files, Quicktime, PDFs, etc), you want force the download ?

for that you can use this:

create a file named "download.php" with:

CODE
<?php
   
 if (!$file = fopen($_GET['filename'],"r")) die('File not found');

 
 if (substr($filename,strlen($filename) - 3) == 'doc' or $filename == 'rtf')
 {
   header("Content-type: application/msword");    
 }
 else
 {
   header("Content-type: application/octet-stream");    
 }
 header("Content-Disposition: attachment; filename=$filename");
 header("Content-Description: PHP4 Generated Data");
 header("Pragma: no-cache");
 header("Expires: 0");

 fpassthru($file);
 fclose($file);

?>



then, use this for make your links to the files:

CODE
<a href="/path/to/download.php?filename=/path/to/document.doc">download document.doc</a>


* replace "/path/to/download.php" with the path where you have the download.php script

* replace "/path/to/document.doc" with the path to your file.

Test it.
best regards,
-Martin
JasonJones
That script will limit filesize to about 300-400k... anything more and it craps out and ends up being a 0 byte file..

Jason
MartinB
some suggestion ? im using it in very places but i will check.
JasonJones
Free PHP Coding? smile.gif

I could put together a small script to do it I guess... steal code from a few places and assemble something...

Or I could Eat Dinner... that sounds even better right now.. maybe after a meal smile.gif

Jason
JasonJones
Heh... also if you are using that in diferent places, you might want to track down ALL those places and remove it Immediately... Its a SERIOUS security risk to any server its running on... hope your not on 25..

Jason
MartinB
huh.gif
maybe is more secure to put a variable with the path to the files repository in the script file, like $path="../files/", and only submit the filename.

i think i have simplified it so much for make it user friendly wink.gif
JasonJones
Simplified it into a security Risk...

Anyways... Yes, putting the variable for a path would help to keep the files on the server more safe... But it still wont protect someone from downloading your .htaccess files, your .php scripts, and your xyz.conf files that may include database user/passwords... You would need to exclude those, or to be more specific, only allow certian filetypes to be downloaded, .mp3, .wmv, .avi, .mpg, .zip, pdf etc.. otherwise there is no real reason for someone to "download" any other files from your server.. Everything else can be rightclicked "save as" ...

But if you needed versatility to use any extension w/o re-writing, you would at least want to protect .php, .htaccess and .conf...


Jason
JasonJones
Ok, here is a script, I guarantee NO SECURITY with it, or that it wont catch your server on fire, burn it to the ground and do the happy dance. I'm a sloppy coder. I don't know PHP as good as I should.. So, use at your own Risk... Be sure to test out the link http://www.yoursite.com/downloader.php?file=downloader.php (using the script to download itself) for a laugh..

This script does keep it from loading anything outside of your webroot, checks for "bad" extensions so people wont download .htaccess files or php files... Again, no guarantee of security or that it wont cause a melt down.

Copy all the text below and save to: downloader.php
CODE
<?php
/*
+--------------------------------------------------------------------------
|    Downloader.php v0.0.5
|    ========================================
|    by Jason Jones (pr0ntab@hotmail.com)
|
|    Some extension switching code borrowed from eLouai's VERY BROKEN
|    force-download script (http://www.elouai.com/force-download.php)
+---------------------------------------------------------------------------
|    This will let people link to a file and it will be forced
|    to download (open/save as) instead of loading in the browser, or
|    associated program. Useful for linking to media files you would
|    like people to download.
+---------------------------------------------------------------------------
|    Usage:    http://www.yoursite.com/downloader.php?file=file
|    As an HTML Link:
|    <A HREF="http://www.yoursite.com/downloader.php?file=movie12.mpg">Download Movie12</A>
+---------------------------------------------------------------------------
|    Setup:    Change the $dir variable to any web readable dir to restrict
|    downloads to that dir, or leave as / to allow entire web readable
|    dir to house a download. eg: /downloads/ or /files/movies/
+---------------------------------------------------------------------------
*/

// Enter The web path to downloadable files use "/" to allow entire webroot (not recommended)
$dir = "/";

$root = $_SERVER['DOCUMENT_ROOT'];
$filename = "$root"."$dir".$_GET['file'];
$ext = substr( $filename,-3 );
$extension = substr( $filename,-3 );
$dirname = "$root"."$dir";
if( $filename == "$dirname" ) {
echo "<HTML><HEAD><TITLE>ERROR! No File Specified</TITLE></HEAD><BODY><H1><FONT COLOR=FF0000>ERROR:</H1><BR><h2>No file specified USE download.php?file=[file path]</H2></FONT></BODY></HTML>";
exit;
};
if ( ! file_exists( $filename ) ) {
echo "<HTML><HEAD><TITLE>ERROR! File Not Found</TITLE></HEAD><BODY><H1><FONT COLOR=FF0000>ERROR:</H1><BR><h2>File not found. USE download.php?file=[file path]</H2></FONT></BODY></HTML>";
exit;
};

// PROTECTED EXTENSIONS (just enter last 3, so conf would be onf)
switch( $extension )
{
 case "php": $badtype=".php\$"; break;
 case "ess": $badtype="ess\$"; break;
 case "onf": $badtype="onf\$"; break;
 default: $badtype="XXX";
};
if ( ereg("$badtype",$filename)) {
echo "<HTML><HEAD><TITLE>ERROR! BAD MONKEY!</TITLE></HEAD><BODY><H1><FONT COLOR=FF0000>ERROR: BAD MONKEY! BAD!</H1><BR><H2>You can't have that type of file, now be a good monkey and try another file name!</H2></FONT><CENTER><EMBED SRC=http://www.monkeymania.co.uk/sounds/monkey-1.au AUTOSTART=true AUTOLOAD=true WIDTH=0 HEIGHT=0 loop=true><BR><IMG SRC=http://www.shitthrowingmonkeys.com/monkeyspank.gif></BODY></HTML>";
exit;
};
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
Header ("Content-Type: application/octet-stream");
Header ("Content-Length: ".filesize($filename));
Header ("Content-Disposition: attachment; filename=\"$filename\"");
Header ("Content-Description: Download File");
readfile("$filename");
exit();
?>


Edited ! ugh.. well something about hostony's servers breaks the above, to make it work with hostony's servers replace:
CODE
Header ("Content-Length: ".filesize($filename));
Header ("Content-Disposition: attachment; filename=\"$filename\"");

with
CODE
Header ("Content-Length: ".filesize($file));
Header ("Content-Disposition: attachment; filename=\"$file\"");
MartinB
is basicly the same thing, but with comments biggrin.gif
JasonJones
Heh, not even close smile.gif

Yours lets anyone grab ANY file from the directory structure... this includes /etc/passwd or any other conf file outside of your webspace.

Yours wont allow anything to download bigger than a few hundred K.. my guess if someone needed this script to download large movie files like he said, 300k wont work as a cut off...

Not to mention it uses different methods to send the file etc...

Its not the same, nowhere close.. any script that does the same thing will inherit some traits of course...

As far as the comments, they are in there to help people figure out what it is, and not just a piece of code.

Also Mine has a COOL error page if they try and access a Banned Extension, heh..

Jason
ifprod
Thanks guys, I'll take a crack at this in the next couple of days. Thanks for your help.
MartinB
Jason, i will replace the code i found with the yours wink.gif
thanks a lot for improvements
Niakie
Actually this code isn't secure either. The command line could be changed to something like:

http://yoursite.com/downloader.php?file=../hidden.file

This would allow them to download hidden.file which resides above public_html.

a work around for this would be to replace

CODE
$filename = "$root"."$dir".$_GET['file'];


with something like

CODE
$filename = substr($_GET['file'], 0, 1)=='.'?'':$root.$dir.$_GET['file'];


This will effectivly erase the attempt and give a file not found error.
MartinB
cool
JasonJones
Told you I was bad with PHP.. biggrin.gif

Anyways, thanks!!

Jason
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2024 Invision Power Services, Inc.
IPS Driver Error

IPS Driver Error

There appears to be an error with the database.
You can try to refresh the page by clicking here