Page 1 of 1

Download script

Posted: Sat Jul 04, 2009 10:09 pm
by eadc707
Hello,
I have a download script that worked just fine under a directory in my website but when I use the same script in a level higher it wants to download the php file containing the script instead of the actual file. The file's name is docs_download.php and so it tries to download this file instead of the file in my database. Here is the code:

Code: Select all

<?php
/*
 * use this script to enable your visitors to download
 * your files. 
 */
 require('config.php');
 require('admin/global.php');
 
if (isset($_GET['file']) || isset($_GET['filename']) ){
    $dir = 'files';
    if ( isset($_GET['file']) ){
        //Download by file ID
        $fid = $_GET['file'];
        $results = mysql_query("SELECT filename,filesize,dcount,dmonth FROM files WHERE id=$fid");
        if (mysql_numrows($results) == 0){
            echo "<b>File not found</b>";
            return;
        }
        $file = stripslashes(mysql_result($results,0,"filename"));
        // Combine the download path and the filename to create the full path to the file.
        $file = "$dir/$file";
        // Test to ensure that the file exists.
        if(!file_exists($file)) die("I'm sorry, the file doesn't seem to exist. It may have been removed.");
    }else{
        //Download by file name
        $file = $_GET['filename'];
        $results = mysql_query("SELECT id,filename,filesize,dcount,dmonth FROM files WHERE filename='$file' LIMIT 1");
        if (mysql_numrows($results) == 0){
            echo "<b>File not found</b>";
            return;
        }
        $fid = mysql_result($results,0,"id");
    }
    
    addToDownloadCount($fid);
 }
else{
    echo "<b>File not found</b>";
    return;
}
 
 
    header('Content-Description: File Transfer');
    header('Content-Type: application/force-download');
    header('Content-Length: ' . filesize("$dir/$file"));
    header('Content-Disposition: attachment; filename=' . $file);
    readfile("$dir/$file");
    exit;
 
?>
Can anyone help me?
Thanks,

Re: Download script

Posted: Sat Jul 04, 2009 10:32 pm
by requinix
What is the value of $dir/$file?

Re: Download script

Posted: Mon Jul 06, 2009 7:01 pm
by eadc707
The value is : "files/filename.ext".
So, it does state the right value but still it wants to download the actual PHP file.

Re: Download script

Posted: Mon Jul 06, 2009 9:05 pm
by Eric!
I think your problem is line 26 where you redefine $file.

Line 21 defines $file with whatever is in your database plus a path. Line 26 redefines $file as whatever was passed in the $_GET parameter.

Re: Download script

Posted: Mon Jul 06, 2009 9:49 pm
by eadc707
Are you sure Eric? Because line 26 is in another "Else" loop that will not come into play unless I try to download the file by file name. So far I've only been trying to download the file by file ID.

Re: Download script

Posted: Mon Jul 06, 2009 10:41 pm
by Eric!
Obviously I have no idea what is in your variables, but it seems to me that there are a few lines that are confusing. I assume the file exists and line 26 will run.... :?

You also seem to confuse $file and $data combo on a few lines which makes it hard to follow.

Code: Select all

$file = "$dir/$file"; // 21
$file = $_GET['filename']; //26 
header('Content-Disposition: attachment; filename=' . $file); //46
readfile("$dir/$file");//47
Why not just echo $dir/$file before line 47 and find out why your path/filenames are confused?

Re: Download script

Posted: Tue Jul 07, 2009 5:22 pm
by eadc707
Ok you are right, it might be a little confusing. Let's leave out the lines 24 - 33 so we can understand it better. Now, if the file exists, it will addtodownloadcount (new line 26)and proceed to ask you whether you want to open or save the file (new lines 34 - 39).

Code: Select all

 
# <?php
# /*
#  * use this script to enable your visitors to download
#  * your files.
#  */
#  require('config.php');
#  require('admin/global.php');
#  
# if (isset($_GET['file']) || isset($_GET['filename']) ){
#     $dir = 'files';
#     if ( isset($_GET['file']) ){
#         //Download by file ID
#         $fid = $_GET['file'];
#         $results = mysql_query("SELECT filename,filesize,dcount,dmonth FROM files WHERE id=$fid");
#         if (mysql_numrows($results) == 0){
#             echo "<b>File not found</b>";
#             return;
#         }
#         $file = stripslashes(mysql_result($results,0,"filename"));
#         // Combine the download path and the filename to create the full path to the file.
#         $file = "$dir/$file";
#         // Test to ensure that the file exists.
#         if(!file_exists($file)) die("I'm sorry, the file doesn't seem to exist. It may have been removed.");
#  }
# addToDownloadCount($fid);
#  }
# else{
#     echo "<b>File not found</b>";
#     return;
# }
#  
#  
#     header('Content-Description: File Transfer');
#     header('Content-Type: application/force-download');
#     header('Content-Length: ' . filesize("$dir/$file"));
#     header('Content-Disposition: attachment; filename=' . $file);
#     readfile("$dir/$file");
#     exit;
#
# ?>
 
I tried to echo the $file just before the readfile function but it will not show up on the screen. It will go directly to the download file dialog box.

Maybe I should point out that it tries to download the actual php file in which this code is saved. This code is run from a file called docs_download.php and the dialog box is asking me if I want to download the docs_download.php file.

And what kills me is that this exact same code is running flawless in another directory.