PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Hi,
I have a page that has an input box on it for a password. When you press submit, I want this to download a file, but only if it is a correct password.
Here is my download code:
<?php
// format http://www.yoursite.com/download.php?file=filepath or relative path
$filename = $_GET['file'];
// get the file extention
$file_extension = strtolower(substr(strrchr($filename,"."),1));
// if no filename given ie: someone accessing the page directly
if( $filename == "" )
{
echo "File not given";
exit;
} elseif ( ! file_exists( $filename ) )
{
echo "File does not exist";
exit;
};
// switch the file extention to get the right type
switch( $file_extension )
{
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
default: $ctype="application/force-download";
}
// send the headers to the browser
header("Pragma: public"); // required
header("Expires: 0");
// don't cache
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
// same as above
header("Cache-Control: private",false); // required for certain browsers
// get content type
header("Content-Type: $ctype");
// set as attatchment and name the filename //
// basename takes just the filename without any slashes etc
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
// set the enc type
header("Content-Transfer-Encoding: binary");
// tell the browser how big the file is
header("Content-Length: ".filesize($filename));
// readfile erm, reads the file!
readfile("$filename");
// end script
exit();
?>
How would I adapt this to check if a correct password was entered, and if not how would I redirect them to a failed page?
Also this is my form code, how do I redirect the URL to the download.php page?
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Redirecting can be done in several ways, all of which have been discussed in this community at some point in the recent past. The two most common ways are by using the PHP header() function or using HTML meta redirection. Google can help a lot with these...
A secure download script? No. The concept of logging in to get something is that you put the something behind a secure interface. What that means is that if the credentials of the user are sufficient to grant them the priviledge of getting at what you want them to, when they authenticate, give them access. Otherwise, keep them out.
EDIT | I suppose you could adapt the example in the link you presented to work the way you want. Maybe having a <div> that shows one thing, then upon authentication, show the download link or the download itself. The only question becomes: What if the user doesn't have JavaScript enabled OR they are using a browser that does not support DOM technology?
Since you're using DOM, I would maybe look at having an area that sits idle until the authentication takes place. It seems that the form is submitted to the HTTPRequest object onBlur() from the password field, you can use that opportunity to change the idle space for the download space. Just an idea. I have not clue whether it will work.