Fie Download Script

  • (2 Pages)
  • +
  • 1
  • 2

23 Replies - 1015 Views - Last Post: 04 November 2013 - 10:36 AM Rate Topic: -----

#1 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Fie Download Script

Posted 18 October 2013 - 12:33 PM

I have downloaded a file download script from tutorialchip.com:

http://www.tutorialc...ad-file-script/

and it was working fine on my home computer - but today, I uploaded it to the server, only changing the download directory, and now it comes up with this:

error message said:

Notice: Use of undefined constant __DIR__ - assumed '__DIR__' in /home/a4971657/public_html/stronghold2/downloads/download.php on line 16


I really don't understand this, as I have only changed one line:

$download_path = CHIP_DEMO_FSROOT . "/home/a4971657/public_html/*directories_to_files*/";



from:

$download_path = CHIP_DEMO_FSROOT . "files/downloads/";



Line 16 is this line:

define( "CHIP_DEMO_FSROOT",    __DIR__ . "/" );



And this hasn't been changed.

Here is some more of the code:

<?php

/*
|-----------------
| Chip Error Manipulation
|------------------
*/

error_reporting(-1);

/*
|-----------------
| Chip Constant Manipulation
|------------------
*/

define( "CHIP_DEMO_FSROOT",				__DIR__ . "/" );

/*
|-----------------
| Chip Download Class
|------------------
*/

require_once("class.chip_download.php");
if ($pun_user['is_guest'])
    header("location: ../login.php");
/*
|-----------------
| Class Instance
|------------------
*/

$download_path = CHIP_DEMO_FSROOT . "/home/a4971657/public_html/files/sh2/files/";
$file = $_REQUEST['fileid'];

$args = array(
		'download_path'		=>	$download_path,
		'file'				=>	$file,		
		'extension_check'	=>	TRUE,
		'referrer_check'	=>	FALSE,
		'referrer'			=>	NULL,
		);
$download = new chip_download( $args );

/*
|-----------------
| Pre Download Hook
|------------------
*/

$download_hook = $download->get_download_hook();
//$download->chip_print($download_hook);
//exit;

/*
|-----------------
| Download
|------------------
*/

if( $download_hook['download'] == TRUE ) {

	/* You can write your logic before proceeding to download */
	
	/* Let's download file */
	$download->get_download();



class.chip_download.php

<?php
/*
|-----------------
| Author:	Life.Object
| E-Mail:	life.object@gmail.com
| Website:	http://www.tutorialchip.com/
| Help:		http://www.tutorialchip.com/php-download-file-script/
| Version:	1.1
| Released: November 29, 2010
| Updated: December 23, 2010
|------------------
*/

class chip_download {
	
	/*
	|---------------------------
	| Properties
	|---------------------------
	*/
	
	private $download_hook = array();
	
	private $args = array(
						'download_path'			=>	NULL,
						'file'					=>	NULL,						
						'extension_check'		=>	TRUE,
						'referrer_check'		=>	FALSE,	
						'referrer'				=>	NULL,					
					);
	
	private $allowed_extensions = array(
						
						/* Archives */
						'zip'	=> 'application/zip'
					
					);
	

	/*
	|---------------------------
	| Constructor
	|
	| @public
	| @param array $args
	| @param array $allowed_extensions
	|
	|---------------------------
	*/
	
	public function __construct( $args = array(), $allowed_extensions = array()  ) {
		
		$this->set_args( $args );
		$this->set_allowed_extensions( $allowed_extensions );
						
	}
	
	/*
	|---------------------------
	| Print variable in readable format
	|
	| @public
	| @param string|array|object $var
	|
	|---------------------------
	*/
	
	public function chip_print( $var ) { 
		
		echo "<pre>";
    	print_r($var);
   	 	echo "</pre>";
	
	}
	
	/*
	|---------------------------
	| Update default arguments
	| It will update default array of class i.e $args
	|
	| @private
	| @param array $args - input arguments
	| @param array $defatuls - default arguments 
	| @return array
	|
	|---------------------------
	*/
	
	private function chip_parse_args( $args = array(), $defaults = array() ) { 
		return array_merge( $defaults, $args );	 
	}
	
	/*
	|---------------------------
	| Get extension and name of file
	|
	| @private
	| @param string $file_name 
	| @return array - having file_name and file_ext
	|
	|---------------------------
	*/
	
	private function chip_extension($file_name) {
		$temp = array();
		$temp['file_name'] = strtolower( substr( $file_name, 0, strripos( $file_name, '.' ) ) );
	    $temp['file_extension'] = strtolower( substr( $file_name, strripos( $file_name, '.' ) + 1 ) );
		return $temp;
	}
	
	/*
	|---------------------------
	| Set default arguments
	| It will set default array of class i.e $args
	|
	| @private
	| @param array $args
	| @return 0
	|
	|---------------------------
	*/
	
	private function set_args( $args = array() ) { 
		
		$defaults = $this->get_args();
		$args = $this->chip_parse_args( $args, $defaults );
		$this->args = $args;	 
	}
	
	/*
	|---------------------------
	| Get default arguments
	| It will get default array of class i.e $args
	|
	| @public
	| @return array
	|
	|---------------------------
	*/
	
	public function get_args() { 
		return $this->args;	 
	}
	
	/*
	|---------------------------
	| Set default allowed extensions
	| It will set default array of class i.e $allowed_extensions
	|
	| @private
	| @param array $allowed_extensions
	| @return 0
	|
	|---------------------------
	*/
	
	private function set_allowed_extensions( $allowed_extensions = array() ) { 
		
		$defaults = $this->get_allowed_extensions();
		$allowed_extensions = array_unique( $this->chip_parse_args( $allowed_extensions, $defaults ) );
		$this->allowed_extensions = $allowed_extensions;	 
	
	}
	
	/*
	|---------------------------
	| Get default allowed extensions
	| It will get default array of class i.e $allowed_extensions
	|
	| @public
	| @return array
	|
	|---------------------------
	*/
	
	public function get_allowed_extensions() { 
		return $this->allowed_extensions;	 
	}
	
	/*
	|---------------------------
	| Set Mimi Type
	| It will set default array of class i.e $allowed_extensions
	|
	| @private
	| @param string $file_path
	! @return string
	|
	|---------------------------
	*/
	
	private function set_mime_type( $file_path ) { 
		
		/* by Function - mime_content_type */
		if( function_exists( 'mime_content_type' ) ) {
			$file_mime_type = @mime_content_type( $file_path );
		}
		
		/* by Function - mime_content_type */
		else if( function_exists( 'finfo_file' ) ) {
			
			$finfo = @finfo_open(FILEINFO_MIME);
			$file_mime_type = @finfo_file($finfo, $file_path);
			finfo_close($finfo);  
		
		}
		
		/* Default - FALSE */
		else {
			$file_mime_type = FALSE;
		 }
		 
		 return $file_mime_type;	 
	
	}
	
	/*
	|---------------------------
	| Get Mimi Type
	| It will set default array of class i.e $allowed_extensions
	|
	| @public
	| @param string $file_path
	! @return string
	|
	|---------------------------
	*/
	
	public function get_mime_type( $file_path ) { 
		return $this->set_mime_type( $file_path );	 
	}
	
	/*
	|---------------------------
	| Pre Download Hook
	|
	| @private
	| @return 0
	|
	|---------------------------
	*/
	
	private function set_download_hook() { 
		
		/* Allowed Extensions */
		$allowed_extensions = $this->get_allowed_extensions();
		
		/* Arguments */
		$args = $this->get_args();		
		
		/* Extract Arguments */
		extract($args);
		
		/* Directory Depth */
		$dir_depth = dirname( $file );
		if ( !empty( $dir_depth ) && $dir_depth != "." ) {
			$download_path = $download_path . $dir_depth . "/";
		} 
		
		/* File Name */
		$file = basename( $file );
		
		/* File Path */
		$file_path = $download_path . $file;
		$this->download_hook['file_path'] = $file_path;
		
		/* File and File Path Validation */
		if( empty( $file ) || !file_exists( $file_path ) ) {
			$this->download_hook['download'] = FALSE;
			$this->download_hook['message'] = "Invalid File or File Path.";
			return 0;
		}
		
		/* File Name and Extension */
		$nameext = $this->chip_extension($file);
		$file_name = $nameext['file_name'];
		$file_extension = $nameext['file_extension'];
		
		$this->download_hook['file'] = $file;
		$this->download_hook['file_name'] = $file_name;
		$this->download_hook['file_extension'] = $file_extension;

		/* Allowed Extension - Validation */
		if ( $extension_check == TRUE && !array_key_exists( $file_extension, $allowed_extensions ) ) {
		  $this->download_hook['download'] = FALSE;
		  $this->download_hook['message'] = "File is not allowed to download"; 
		  return 0;
		}
		
		/* Referrer - Validation */		
		if ( $referrer_check == TRUE && !empty($referrer) && strpos( strtoupper( $_SERVER['HTTP_REFERER'] ), strtoupper( $referrer ) ) === FALSE ) {
			$this->download_hook['download'] = FALSE;
		 	$this->download_hook['message'] = "Internal server error - Please contact system administrator";
			return 0;
		}
		
		/* File Size in Bytes */
		$file_size = filesize($file_path);
		$this->download_hook['file_size'] = $file_size;
		
		/* File Mime Type - Auto, Manual, Default */
		$file_mime_type = $this->get_mime_type( $file_path );		
		if( empty( $file_mime_type ) ) {
			
			$file_mime_type = $allowed_extensions[$file_extension];
			if( empty( $file_mime_type ) ) {
				$file_mime_type = "application/force-download";
			}
		
		}		
		
		$this->download_hook['file_mime_type'] = $file_mime_type;
		
		$this->download_hook['download'] = TRUE;
		$this->download_hook['message'] = "File is ready to download";
		return 0;		
	
	}
	
	/*
	|---------------------------
	| Download Hook
	| Allows you to do some action before download
	|
	| @public
	| @return array
	|
	|---------------------------
	*/
	
	public function get_download_hook() { 
		$this->set_download_hook();
		return $this->download_hook;
	}
	
	/*
	|---------------------------
	| Post Download Hook
	|
	| @private
	| @return array
	|
	|---------------------------
	*/
	
	private function set_post_download_hook() { 
		return $this->download_hook;
	}
	
	/*
	|---------------------------
	| Download
	| Start download stream
	|
	| @public
	| @return 0
	|
	|---------------------------
	*/
	
	public function set_download() { 
		
		/* Download Hook */
		$download_hook = $this->set_post_download_hook();
		
		/* Extract */
		extract($download_hook);
		
		/* Recheck */
		if( $download_hook['download'] != TRUE ) {
			echo "File is not allowed to download";
			return 0;
		}
		
		/* Execution Time Unlimited */
		set_time_limit(0);
		
		/*
		|----------------
		| Header
		| Forcing a download using readfile()
		|----------------
		*/
		
		header('Content-Description: File Transfer');
		header('Content-Type: ' . $file_mime_type);
		header('Content-Disposition: attachment; filename=' . $file);
		header('Content-Transfer-Encoding: binary');
		header('Expires: 0');
		header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
		header('Pragma: public');
		header('Content-Length: ' . $file_size);
		ob_clean();
		flush();
		readfile($file_path);
		exit;
		
	}
	
	/*
	|---------------------------
	| Download
	| Start download stream
	|
	| @public
	| @return array
	|
	|---------------------------
	*/
	
	public function get_download() { 
		$this->set_download();
		exit;
	}

	/*
	|---------------------------
	| Destructor
	|---------------------------
	*/
	
	public function __destruct() {
	}
}
?>



Why is this error appearing?

Can someone please tell me what to do - the only real difference is that the server is on linux, and I have windows.

Is This A Good Question/Topic? 0
  • +

Replies To: Fie Download Script

#2 andrewsw  Icon User is online

  • It's just been revoked!
  • member icon

Reputation: 3741
  • View blog
  • Posts: 13,086
  • Joined: 12-December 12

Re: Fie Download Script

Posted 18 October 2013 - 12:37 PM

__DIR__ was added in PHP 5.3.0. the docs. What version is your server running?

It is equivalent to dirname(__FILE__) so you could use this instead.
Was This Post Helpful? 2
  • +
  • -

#3 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 18 October 2013 - 12:50 PM

PHP 5.2

That will be why.

EDIT:

I have changed it to:

define( "CHIP_DEMO_FSROOT",				dirname(__FILE__). "/" );



But now it comes up with nothing, like it didn't even work and the file isn't there.

If you want a demo, go here:

http://stronghold2.s...d=test_file.zip

This post has been edited by chris98: 18 October 2013 - 12:51 PM

Was This Post Helpful? 0
  • +
  • -

#4 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3077
  • View blog
  • Posts: 10,793
  • Joined: 08-August 08

Re: Fie Download Script

Posted 18 October 2013 - 01:00 PM

What does this produce?
<?php
$x = dirname(__FILE__);
echo $x;

Was This Post Helpful? 0
  • +
  • -

#5 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 18 October 2013 - 01:02 PM

/home/a4971657/public_html/stronghold2/downloads


EDIT:

I have noticed that using the online file manager shows this as the test_file.zip:

\test_file.zip


Could this have anything to do with it?

This post has been edited by chris98: 18 October 2013 - 01:06 PM

Was This Post Helpful? 0
  • +
  • -

#6 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3077
  • View blog
  • Posts: 10,793
  • Joined: 08-August 08

Re: Fie Download Script

Posted 18 October 2013 - 02:20 PM

It looks to me like it should work unless the contents of __FILE__ are altered somewhere before reaching that line.
Was This Post Helpful? 0
  • +
  • -

#7 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 19 October 2013 - 12:37 AM

The files are stored in a different directory:

up two directories, then into three more.

../../dir1/dir2/dir3/

(I won't give the exact details, as I don't really want people to know where they are stored, otherwise it defeats the object of having a hide path download file)

But would that not be the root of where the config files are stored for the download script?

I thought that

$download_path = CHIP_DEMO_FSROOT . "/home/a4971657/public_html/*directories_to_downloads*/";



was the path to the download
Was This Post Helpful? 0
  • +
  • -

#8 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3077
  • View blog
  • Posts: 10,793
  • Joined: 08-August 08

Re: Fie Download Script

Posted 19 October 2013 - 02:53 AM

Security through obscurity is not secure. Maybe you should start thinking about using forced downloads.
Was This Post Helpful? 0
  • +
  • -

#9 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 19 October 2013 - 02:56 AM

Was that not a forced download there?
Was This Post Helpful? 0
  • +
  • -

#10 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3077
  • View blog
  • Posts: 10,793
  • Joined: 08-August 08

Re: Fie Download Script

Posted 19 October 2013 - 03:08 AM

Ah, so it is. In that case all you need to do is set the permissions so that the script has access to the folder but users do not.

No need to hide/obscure the path.
Was This Post Helpful? 0
  • +
  • -

#11 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 19 October 2013 - 03:11 AM

I have already used the chmod tool to let the directory writable, but would I chmod the file to 777?
Was This Post Helpful? 0
  • +
  • -

#12 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3077
  • View blog
  • Posts: 10,793
  • Joined: 08-August 08

Re: Fie Download Script

Posted 19 October 2013 - 04:17 AM

If the last digit is 7 then any user can read/write it. The digits are: owner, group, and others. You don't want others to be able to see, read or write the file or even its directory.
Was This Post Helpful? 0
  • +
  • -

#13 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 19 October 2013 - 04:43 AM

I have tried the chmod to 700, but nothing happens still.Would it be done by PHP, or am I close with the chmod?
Was This Post Helpful? 0
  • +
  • -

#14 chris98  Icon User is offline

  • D.I.C Addict

Reputation: 35
  • View blog
  • Posts: 883
  • Joined: 06-July 13

Re: Fie Download Script

Posted 20 October 2013 - 07:49 AM

What could I do to get the download script working? - Do you know any others?
Was This Post Helpful? 0
  • +
  • -

#15 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3077
  • View blog
  • Posts: 10,793
  • Joined: 08-August 08

Re: Fie Download Script

Posted 20 October 2013 - 12:32 PM

The thing is, chmod should not affect the script. If it does, you've set the permissions incorrectly. What you want is the ability to store files in a subdirectory of the current working directory and have them available to PHP but not to a user. Start by getting the script to work when accessing a subdirectory. When it does, use chmod on it and see if the script still works. When it does, next see if you can access the subdirectory from a browser or other http client. If you can, use chmod again and repeat the testing.
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2