0

Hi,

Code below fails and I cannot solve it.

$folder="myfolder/files";
$file="1.doc";

header("Content-type: application/msword");
header("Content-Disposition: attachment; filename=".$folder."/".$file);
readfile($file);

The file link I get when popup opens is " myfolder_file_1.doc ". I don't know where does the underscore comes from.

Any idea?

Thanks

Edited by veledrom: .

3
Contributors
7
Replies
9
Views
7 Years
Discussion Span
Last Post by veledrom
0

you cant specify a foldername in the download filename
naming conventions convert the backslash to underscore, and the file will be placed in the current folder selected on the users disk

file not found error, the source is not specified fully to get the file from the specified folder, Try

<?php $folder="myfolder/files";
$file="1.doc";
header("Content-type: application/msword");
header("Content-Disposition: attachment; filename=$file"); // note difference
readfile($folder."/".$file); // note difference
?>

Edited by almostbob: n/a

0

Yes it does download it now but the HTML content of my php webpage is displayed in the doc file instead of actual content of doc file.

<html>
<head>
<title>Asg</title>
</head>
<body>
<p>
Welcome Jolly
</p>

<h3>DOWNLOAD</h3>

ACTUAL CONTENT IS HERE

</body>
</html>

Is this normal?

0

This is the code I use but doesn't work well. File is downloaded but the content is full of rubish characters. I add the code for you to try and see what i mean.

index.php

<?php
$fileArray = array("me.doc", "you.doc");
$directory = "pool/files/";

foreach($fileArray as $key => $value){
    echo "<a href='index.php?dir=$directory&file=$value' title='Download'>$value</a><br />";
}


if(isset($_GET["dir"]) && isset($_GET["file"])){
	$directory = $_GET["dir"];
	$file = $_GET["file"];
	
	header("Cache-Control: public");
	header("Content-Description: File Transfer");
	header("Content-Disposition: attachment; filename=$file");
	header("Content-Type: application/msword");
	readfile($directory.$file);
	
}
?>

Please help.

Thanks in advance

0

SOLVED. Thanks for contributions guys.
What I noticed that there shouldn't be any HTML space between ob_start() and flush(). When you open <?php, you should put everything in without closing-opening-closing-opening (I mean one <?php, one ?>) it. Otherwise, strange chars are stored in file that is currently downladed.


SOLUTION:

index.php

<?php
$fileArray = array("me.doc", "you.doc");
$directory = "pool/files/";

foreach($fileArray as $key => $value){
    echo "<a href='download.php?dir=$directory&file=$value' title='Download'>$value</a><br />";
}
?>

download.php

<?php
if(isset($_GET["dir"]) && isset($_GET["file"])){
 
	$directory = $_GET["dir"];
	$file = $_GET["file"];
	
	function forceDownload($directory, $file){
		header("Content-Type: application/force-download");
		header("Content-Disposition: attachment; filename=\"$file\"");
		echo file_get_contents($directory.$file);
	}
	
	forceDownload($directory, $file);
 }
?>

Edited by veledrom: ,

0

the _get method keeps the variables in the url
so the foldername is passed in plain text, this way may lessen direct linking to the files
if all the files are in the same folder then the folder does not have to be passed to the download file
folder can be an index to an array
folder can be simple IF else if($_get['folder']='1') {$folder="/pool/files";} elseif($_get['folder']='2') {$folder="/other/files";} else {$folder='/blankfiles';} index.php

<?php
$fileArray = array("me.doc", "you.doc");
foreach($fileArray as $key => $value){
    echo "<a href='download.php?file=$value' title='Download'>$value</a><br />";
}
?>

download.php

<?php
$directory = "pool/files/";
if(isset($_GET["file"])){
 $file = $_GET["file"];
 function forceDownload($directory, $file){
 header("Content-Type: application/force-download");
 header("Content-Disposition: attachment; filename=\"$file\"");
 echo file_get_contents($directory.$file);
 }
forceDownload($directory, $file);
 }
?>

security(?) through obscurity ??

Edited by almostbob: n/a

1

You are right about the direct linking. However, I'll do SHA1($folder) and SHA1($file) first and attach it to the URL. This will prevent users direct linking to the file and folder.
Thanks for your additional interest

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.