File Download Confirmation Page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

File Download Confirmation Page

Post by shiznatix »

Ok so I have a thing where you can download a file that you select. You can only start the download if you fill out the form first. Fine, dandy, good to go!

Now the problem is that I want to have it so that after I check all the post data, if it was good stuff they sent in then it displays a message like 'Thanks for the info!' then it starts the download. Now I can not come up with a logical way to do this without using javascript to open the last page (the page that starts the download).

Is there a way to do this without using javascript? I don't want the file path to be shown or easily gotten by a user as to keep the files location secret (sneaky huh?).
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

meta tag redirection.
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

If you want to be sneaky, you can insert a randomly generated string into the database after the user completes the forum. Display the thank you message and meta-redirect to another page that takes that unique code as a paramater (download.php?code=$randomString&file=$getFile). In download.php, verify that the $randomString exists in the DB, open $getFile from it's real location with file_get_contents and dump it back to the browser. Make sure you include the correct Content-Type header in download.php. Delete the code from the database after download.php is accessed. The file's actual location will never be visible to the client, and download.php will be 99.999% secure (short of guessing the random string immediately after someone completes the form).
Post Reply