PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
Luke
The Ninja Space Mod
Posts: 6424 Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA
Post
by Luke » Mon Jul 17, 2006 12:38 pm
The following is a script used for downloading all kinds of documents. I did not write it. It works for Firefox, but in IE, it gives me an error: "the requested site is not available or cannot be found"
It is attempting to download over SSL
Code: Select all
if (isset($_GET['action']) && $_GET['action'] == "download")
{
session_cache_limiter("public, post-check=50");
header("Cache-Control: private");
}
//if (isset($session_save_path)) session_save_path($session_save_path);
if (isset($_GET['path'])) $path = validate_path($_GET['path']);
if (!isset($path)) $path = FALSE;
if ($path == "./" || $path == ".\\" || $path == "/" || $path == "\\") $path = FALSE;
if (isset($_GET['filename'])) $filename = basename(stripslashes($_GET['filename']));
if ($user->has_priv('dnld_file') || $user->has_priv('view_file'))
{
if (isset($_GET['filename']) && isset($_GET['action']) && is_file($GLOBALS['home_directory'] . $user->user_dir.$path.$filename) || is_file("../".$GLOBALS['home_directory'] . $user->user_dir.$path.$filename))
{
if (is_file($GLOBALS['home_directory'] . $user->user_dir.$path.$filename) && !strstr($GLOBALS['home_directory'] . $user->user_dir, "./") && !strstr($GLOBALS['home_directory'] . $user->user_dir, ".\\"))
$fullpath = $GLOBALS['home_directory'] . $user->user_dir.$path.$filename;
else if (is_file("../".$GLOBALS['home_directory'] . $user->user_dir.$path.$filename))
$fullpath = "../".$GLOBALS['home_directory'] . $user->user_dir.$path.$filename;
if (!$user->has_priv('dnld_file') && $user->has_priv('view_file') && !is_viewable_file($filename))
{
print "<font color='#CC0000'>$StrAccessDenied</font>";
exit();
}
header("Content-Type: ".get_mimetype($filename));
header("Content-Length: ".filesize($fullpath));
if ($_GET['action'] == "download" && $user->has_priv('dnld_file'));
header("Content-Disposition: attachment; filename=$filename");
readfile($fullpath);
}
else
print "<font color='#CC0000'>$StrDownloadFail</font>";
}
Weirdan
Moderator
Posts: 5978 Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine
Post
by Weirdan » Mon Jul 17, 2006 12:59 pm
what a mess it was...
Code: Select all
if(
isset($_GET['action'])
&& $_GET['action'] == "download"
) {
session_cache_limiter("public, post-check=50");
header("Cache-Control: private");
}
//if (isset($session_save_path)) session_save_path($session_save_path);
if(isset($_GET['path']))
$path = validate_path($_GET['path']);
if(!isset($path))
$path = FALSE;
if(
$path == "./"
|| $path == ".\\"
|| $path == "/"
|| $path == "\\"
) {
$path = FALSE;
}
if(isset($_GET['filename']))
$filename = basename(stripslashes($_GET['filename']));
if(
$user->has_priv('dnld_file')
|| $user->has_priv('view_file')
) {
if(
isset($_GET['filename'])
&& isset($_GET['action'])
&& is_file($GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
|| is_file("../" . $GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
) {
if(
is_file($GLOBALS['home_directory'] . $user->user_dir . $path . $filename)
&& !strstr($GLOBALS['home_directory'] . $user->user_dir, "./")
&& !strstr($GLOBALS['home_directory'] . $user->user_dir, ".\\")
) {
$fullpath = $GLOBALS['home_directory'] . $user->user_dir . $path . $filename;
} elseif(is_file("../" . $GLOBALS['home_directory'] . $user->user_dir . $path . $filename)) {
$fullpath = "../".$GLOBALS['home_directory'] . $user->user_dir.$path.$filename;
}
if(
!$user->has_priv('dnld_file')
&& $user->has_priv('view_file')
&& !is_viewable_file($filename)
) {
print "<font color='#CC0000'>$StrAccessDenied</font>";
exit();
}
header("Content-Type: " . get_mimetype($filename));
header("Content-Length: " . filesize($fullpath));
if(
$_GET['action'] == "download"
&& $user->has_priv('dnld_file')
) {// ; here has been semicolon (IMO it's not needed)
header("Content-Disposition: attachment; filename=$filename");
}
readfile($fullpath);
} else {
print "<font color='#CC0000'>$StrDownloadFail</font>";
}
}
Luke
The Ninja Space Mod
Posts: 6424 Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA
Post
by Luke » Mon Jul 17, 2006 1:22 pm
Still not working...
I believe the problem has something to do with this:
http://support.microsoft.com/default.as ... -us;316431
Because I am getting this error:
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
But it looks like the code you posted should take care of the problem... but it doesn't.
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
Post
by RobertGonzalez » Mon Jul 17, 2006 1:33 pm
MSDN wrote: RESOLUTION
Web sites that want to allow this type of operation should remove the no-cache header or headers.
Have you tried changing your headers? Apparently, this:
Code: Select all
Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
could kill it. Maybe play around with the sent headers to see if you can force it that way?
Luke
The Ninja Space Mod
Posts: 6424 Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA
Post
by Luke » Mon Jul 17, 2006 1:35 pm
Yes... the code that is posted has this header:
Cache-Control: private
And that doesn't fix it.
printf
Forum Contributor
Posts: 173 Joined: Wed Jan 12, 2005 5:24 pm
Post
by printf » Tue Jul 18, 2006 12:52 am
IE before 5.5 and after 5.5 doesn't support attachment; for a disposition only IE 5.5 does. Also RFC 2068 states that +Content-Disposition+ header must contain the filename="?" encloded in quotes, and the +Content-Type+ header must contain the the mime/type, followed by the name="?" for the file name! Also Cache-Control: private, is not valid for a file type header, the only Cache-Control that is allowed for a file type header (image, file) is +max-age=+, this for both HTTP/1.0 and HTTP/1.1. If using +max-age=+, then the +Exipre+ header must always be included after the Cache-Control +max-age=+ header.
Code: Select all
header ( 'Cache-control: max-age=31536000' );
header ( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header ( 'Content-Length: ' . filesize ( $fullpath ) );
header ( 'Content-Disposition: filename="' . $filename . '"' );
header ( 'Content-Type: ' . get_mimetype ( $filename ) . '; name="' . $filename . '"' );
readfile ( $fullpath );
pif
ckuipers
Forum Commoner
Posts: 61 Joined: Mon Mar 24, 2003 6:10 am
Post
by ckuipers » Tue Jul 18, 2006 1:28 am
Try adding this
Worked for me!
Luke
The Ninja Space Mod
Posts: 6424 Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA
Post
by Luke » Tue Jul 18, 2006 10:19 am
Thanks guys... it's working now. I need to read up on http protocol a little I think.
Christopher
Site Administrator
Posts: 13596 Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US
Post
by Christopher » Tue Jul 18, 2006 1:19 pm
I have not tried the Pragma setting, but I know that simply adding following makes IE work (private does not):
Cache-control: must-revalidate
(#10850)