Ok, here is a script, I guarantee NO SECURITY with it, or that it wont catch your server on fire, burn it to the ground and do the happy dance. I'm a sloppy coder. I don't know PHP as good as I should.. So, use at your own Risk... Be sure to test out the link
http://www.yoursite.com/downloader.php?file=downloader.php (using the script to download itself) for a laugh..
This script does keep it from loading anything outside of your webroot, checks for "bad" extensions so people wont download .htaccess files or php files... Again, no guarantee of security or that it wont cause a melt down.
Copy all the text below and save to: downloader.php
CODE
<?php
/*
+--------------------------------------------------------------------------
| Downloader.php v0.0.5
| ========================================
| by Jason Jones (pr0ntab@hotmail.com)
|
| Some extension switching code borrowed from eLouai's VERY BROKEN
| force-download script (http://www.elouai.com/force-download.php)
+---------------------------------------------------------------------------
| This will let people link to a file and it will be forced
| to download (open/save as) instead of loading in the browser, or
| associated program. Useful for linking to media files you would
| like people to download.
+---------------------------------------------------------------------------
| Usage: http://www.yoursite.com/downloader.php?file=file
| As an HTML Link:
| <A HREF="http://www.yoursite.com/downloader.php?file=movie12.mpg">Download Movie12</A>
+---------------------------------------------------------------------------
| Setup: Change the $dir variable to any web readable dir to restrict
| downloads to that dir, or leave as / to allow entire web readable
| dir to house a download. eg: /downloads/ or /files/movies/
+---------------------------------------------------------------------------
*/
// Enter The web path to downloadable files use "/" to allow entire webroot (not recommended)
$dir = "/";
$root = $_SERVER['DOCUMENT_ROOT'];
$filename = "$root"."$dir".$_GET['file'];
$ext = substr( $filename,-3 );
$extension = substr( $filename,-3 );
$dirname = "$root"."$dir";
if( $filename == "$dirname" ) {
echo "<HTML><HEAD><TITLE>ERROR! No File Specified</TITLE></HEAD><BODY><H1><FONT COLOR=FF0000>ERROR:</H1><BR><h2>No file specified USE download.php?file=[file path]</H2></FONT></BODY></HTML>";
exit;
};
if ( ! file_exists( $filename ) ) {
echo "<HTML><HEAD><TITLE>ERROR! File Not Found</TITLE></HEAD><BODY><H1><FONT COLOR=FF0000>ERROR:</H1><BR><h2>File not found. USE download.php?file=[file path]</H2></FONT></BODY></HTML>";
exit;
};
// PROTECTED EXTENSIONS (just enter last 3, so conf would be onf)
switch( $extension )
{
case "php": $badtype=".php\$"; break;
case "ess": $badtype="ess\$"; break;
case "onf": $badtype="onf\$"; break;
default: $badtype="XXX";
};
if ( ereg("$badtype",$filename)) {
echo "<HTML><HEAD><TITLE>ERROR! BAD MONKEY!</TITLE></HEAD><BODY><H1><FONT COLOR=FF0000>ERROR: BAD MONKEY! BAD!</H1><BR><H2>You can't have that type of file, now be a good monkey and try another file name!</H2></FONT><CENTER><EMBED SRC=http://www.monkeymania.co.uk/sounds/monkey-1.au AUTOSTART=true AUTOLOAD=true WIDTH=0 HEIGHT=0 loop=true><BR><IMG SRC=http://www.shitthrowingmonkeys.com/monkeyspank.gif></BODY></HTML>";
exit;
};
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
Header ("Content-Type: application/octet-stream");
Header ("Content-Length: ".filesize($filename));
Header ("Content-Disposition: attachment; filename=\"$filename\"");
Header ("Content-Description: Download File");
readfile("$filename");
exit();
?>
Edited ! ugh.. well something about hostony's servers breaks the above, to make it work with hostony's servers replace:
CODE
Header ("Content-Length: ".filesize($filename));
Header ("Content-Disposition: attachment; filename=\"$filename\"");
with
CODE
Header ("Content-Length: ".filesize($file));
Header ("Content-Disposition: attachment; filename=\"$file\"");