PHP File Download Script Problem

  • (3 Pages)
  • +
  • 1
  • 2
  • 3

34 Replies - 3135 Views - Last Post: 17 February 2014 - 09:26 AM Rate Topic: -----

#31 macosxnerd101   User is online

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12332
  • View blog
  • Posts: 45,435
  • Joined: 27-December 08

Re: PHP File Download Script Problem

Posted 12 February 2014 - 07:24 AM

I'd seriously pick up a book and start working through it. You can read functions on the documentation. It's more important to understand things like arrays, loops, and strings at this point. Check out the Getting Better at Programming PHP thread for a good supplement (note supplement != substitute for a book).
Was This Post Helpful? 0
  • +
  • -

#32 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2059
  • View blog
  • Posts: 6,306
  • Joined: 15-January 14

Re: PHP File Download Script Problem

Posted 12 February 2014 - 09:35 AM

The theory and syntax is what is important, that's what you need to learn. I don't bother trying to memorize individual functions, if I need to know how a function works I just look it up. I look things up every day even though I've used them several times before. It's important to get an idea about what functions are out there so that you know what is available, but there are ways to do anything that want to do. It's just a matter of looking up how to do those specific things (e.g., how to sort an array, or how to generate random numbers, etc). The important part is understanding the theory of what you're trying to do. If you want a good book to get you started, I would recommend this one:

http://shop.oreilly....636920012443.do

You could just read through the PHP manual, particular the Language Reference, Security, and Features sections, but a book like that will be much more comprehensive. The manual is good, but it doesn't get too much into the theory of programming in general, just about PHP specifically. Take a look around the O'Reilly site to see other popular books and things like that, they have a ton of stuff.

http://www.php.net/manual/en/
Was This Post Helpful? 1
  • +
  • -

#33 chris98   User is offline

  • D.I.C Lover

Reputation: 40
  • View blog
  • Posts: 1,107
  • Joined: 06-July 13

Re: PHP File Download Script Problem

Posted 16 February 2014 - 04:44 AM

Well, thanks guys for the really useful advice. I've learned a lot already just looking through dreamincode.net, and now I finally fully understand the code separation tutorial! I have also took more time looking into arrays, I can create one but I don't yet understand how to use it properly. Here:

$array = array();

$array[] = 'mystring';
$array[] = 'anotherstring';
$array[] = 'finalstring';



How could I actually echo this or use it on a page? - I know I could use print_r but I mean echo it like I echo a string.

I do have one question about this tutorial though: http://www.dreaminco...andling-in-php/

Surely, if I create a session key, for example like and md5 hash and store in in the $_SESSION that will do the same thing as session_regenerate_id() because it will be stopping the user from accessing/altering it without a key providing the one in the database is the same and I constantly check to make sure the one in the DB equals the one in the session?

Like this:
$variable = 'variable';
$_SESSION['key'] = md5($variable);

//go on to update the session key in the database to the current one in MD5



I also took some time to read over the header() in the manual, and I've got my script working!

<?php
require_once('/home/******/include.php');
$log = "UPDATE downloads SET downloads = downloads + 1 WHERE id = :fileid";
$ps = $shn_sites->prepare($log);
$ps->execute(array( 
':fileid'=>$_GET['fileid']));

$get = "SELECT file FROM `downloads` WHERE id = :fileid";
$ps = $shn_sites->prepare($get);
$ps->execute(array( 
':fileid'=>$_GET['fileid']));
$download = $ps->fetch();

if ($download['file'] == '')
{
exit('Bad Request. No such file exists on this server.');
}
echo $download['file'];
$file = '/home/******/'.$download['file'];

if (file_exists($file)) 
{
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}


This post has been edited by chris98: 16 February 2014 - 09:31 AM

Was This Post Helpful? 0
  • +
  • -

#34 CTphpnwb   User is online

  • D.I.C Lover
  • member icon

Reputation: 3798
  • View blog
  • Posts: 13,755
  • Joined: 08-August 08

Re: PHP File Download Script Problem

Posted 16 February 2014 - 09:27 AM

echo $array[0] will output: mystring, so you could do something like for($i=0; $i < count($array); $i++) { echo $array[i]."<br>"; } but you should also read up on foreach loops.

This post has been edited by CTphpnwb: 16 February 2014 - 09:27 AM

Was This Post Helpful? 0
  • +
  • -

#35 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2059
  • View blog
  • Posts: 6,306
  • Joined: 15-January 14

Re: PHP File Download Script Problem

Posted 17 February 2014 - 09:26 AM

Quote

Surely, if I create a session key, for example like and md5 hash and store in in the $_SESSION that will do the same thing as session_regenerate_id() because it will be stopping the user from accessing/altering it without a key providing the one in the database is the same and I constantly check to make sure the one in the DB equals the one in the session?

That's not going to provide much protection, they will always be the same even if someone steals the session cookie. The reason for that is because the session data is not saved on the user's browser, it is saved on the server. The only thing the user gets is a cookie with the session ID in it. They sent the session ID to the server and PHP looks up the session data corresponding to that ID, including your new hash. So just saving a value in the session and also in the database isn't going to provide any protection, they are both stored on the server. If you want to prevent session hijacking you need to change the value stored on the client.
Was This Post Helpful? 0
  • +
  • -

  • (3 Pages)
  • +
  • 1
  • 2
  • 3