Hi guys,
I’m having some difficulties that hopefully some of you would be able to help with.
I’m currently building an extranet for our company so that our retailers can log in to download images, adverts, prices, etc..
Since most of them are, well, stupid, I want to force them to have to download each image with a download box.
Please note that I am running PHP 5 on Apache, on Windows (as a test environment, production server is Linux)
Now, the first thing I implemented was a download basket so that everything could be added to it to be downloaded in bulk at a later date. This is done by zipping the file and then forcing a download using this code.
[CODE]
if (file_exists(“downloads/” . $_GET[‘package’] . “.zip”)) {
header(‘Content-type: application/zip’);
header(‘Content-Disposition: attachment; filename=”‘ . $_GET[‘package’] . ‘.zip”‘);
readfile(“downloads/” . $_GET[‘package’] . “.zip”);
}
There is some checking before this code to make sure that the person has permission to download the file which in turn prevents exploits to download files they shouldn’t be (for example, their user level, if they’re logged in, if the file is in a valid download directory, etc)
This works absolutely perfectly, and it downloads the zip file with everything inside in tact.
Now, using this as a template, I then went on to do individual files. The issue is that the file type would change depending on the file, so using this one as a template I wrote this (and for testing, I made sure it was a gif file):
$g[‘filename’] would be as an example, “images/imagefile.gif” which is a valid file, just as “downloads/” . $_GET[‘package’] . “.zip” was a valid file.
[CODE]
if (file_exists($g[‘filename’])) {
header(“Content-Type: image/gif”);
header(“Content-Disposition: attachment; filename=”” . $g[‘filename’] . “””);
readfile($g[‘filename’]);
}
This brings up the download dialog box, but the image doesn’t work.
In fact, none of the test images that I tried work, but the filename is valid since it “exists”.
I then looked around at 100s of examples people have done, but I couldn’t find a solution.
Taking some of the code people had done with vaguely similar problems, I added more crap to my code to see if it would work.
[CODE]
if (file_exists($g[‘filename’])) {
$fp=fopen($g[‘filename’], “r”);
if ($fp) {
header(“Cache-Control: public, must-revalidate”);
header(“Content-Type: application/force-download”);
header(“Content-Disposition: attachment; filename=”” . $g[‘filename’] . “””);
header(“Content-Transfer-Encoding: binary”);
header(“Content-Length: ” . (filesize($g[‘filename’])) );
header(“Pragma: no-cache”);
header(“Expires: 0”);
fpassthru($fp);
}
#readfile($g[‘filename’]); // I used the fpassthru method above
}
Sadly, it didn’t…
So I’ve exhausted most of my options and I can’t find out what is wrong. My original code was pretty much the same as the one I used for the zip download which was successful, except this one isn’t. No headers are sent prior to the download, the dialog box shows up, but the image downloaded from it just plainly doesn’t work.
Help would be greatly appreciated.