| Smart File Downloader - simple script on xampp [message #175960] |
Thu, 10 November 2011 17:38  |
ddk
Messages: 3
Registered: November 2011
Karma: 0
|
Junior Member |
|
|
hello all,
i'm new in php. and i need to apply simple script from this link.
http://www.zubrag.com/scripts/download.php
i use xampp 1.7.7 in windows 2000 server with public IP
What would be my BASE_DIR location if my files that i want downloading
are stored in C:\xampp\htdocs\test123
script :
<?php
###############################################################
# File Download 1.31
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
###############################################################
# Sample call:
# download.php?f=phptutorial.zip
#
# Sample call (browser will try to save with new file name):
# download.php?f=phptutorial.zip&fc=php123tutorial.zip
###############################################################
// Allow direct file download (hotlinking)?
// Empty - allow hotlinking
// If set to nonempty value (Example: example.com) will only allow
downloads when referrer contains this text
define('ALLOWED_REFERRER', '');
// Download folder, i.e. folder where you keep all files for download.
// MUST end with slash (i.e. "/" )
define('BASE_DIR','/home/user/downloads/');
// log downloads? true/false
define('LOG_DOWNLOADS',true);
// log file name
define('LOG_FILE','downloads.log');
// Allowed extensions list in format 'extension' => 'mime type'
// If myme type is set to empty string then script will try to detect
mime type
// itself, which would only work if you have Mimetype or Fileinfo
extensions
// installed on server.
$allowed_ext = array (
// archives
'zip' => 'application/zip',
// documents
'pdf' => 'application/pdf',
'doc' => 'application/msword',
'xls' => 'application/vnd.ms-excel',
'ppt' => 'application/vnd.ms-powerpoint',
// executables
'exe' => 'application/octet-stream',
// images
'gif' => 'image/gif',
'png' => 'image/png',
'jpg' => 'image/jpeg',
'jpeg' => 'image/jpeg',
// audio
'mp3' => 'audio/mpeg',
'wav' => 'audio/x-wav',
// video
'mpeg' => 'video/mpeg',
'mpg' => 'video/mpeg',
'mpe' => 'video/mpeg',
'mov' => 'video/quicktime',
'avi' => 'video/x-msvideo'
);
####################################################################
### DO NOT CHANGE BELOW
####################################################################
// If hotlinking not allowed then make hackers think there are some
server problems
if (ALLOWED_REFERRER !== ''
&& (!isset($_SERVER['HTTP_REFERER']) ||
strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER))
=== false)
) {
die("Internal server error. Please contact system administrator.");
}
// Make sure program execution doesn't time out
// Set maximum script execution time in seconds (0 means no limit)
set_time_limit(0);
if (!isset($_GET['f']) || empty($_GET['f'])) {
die("Please specify file name for download.");
}
// Nullbyte hack fix
if (strpos($_GET['f'], "\0") !== FALSE) die('');
// Get real file name.
// Remove any path info to avoid hacking by adding relative path, etc.
$fname = basename($_GET['f']);
// Check if the file exists
// Check in subfolders too
function find_file ($dirname, $fname, &$file_path) {
$dir = opendir($dirname);
while ($file = readdir($dir)) {
if (empty($file_path) && $file != '.' && $file != '..') {
if (is_dir($dirname.'/'.$file)) {
find_file($dirname.'/'.$file, $fname, $file_path);
}
else {
if (file_exists($dirname.'/'.$fname)) {
$file_path = $dirname.'/'.$fname;
return;
}
}
}
}
} // find_file
// get full file path (including subfolders)
$file_path = '';
find_file(BASE_DIR, $fname, $file_path);
if (!is_file($file_path)) {
die("File does not exist. Make sure you specified correct file
name.");
}
// file size in bytes
$fsize = filesize($file_path);
// file extension
$fext = strtolower(substr(strrchr($fname,"."),1));
// check if allowed extension
if (!array_key_exists($fext, $allowed_ext)) {
die("Not allowed file type.");
}
// get mime type
if ($allowed_ext[$fext] == '') {
$mtype = '';
// mime type is not set, get from server settings
if (function_exists('mime_content_type')) {
$mtype = mime_content_type($file_path);
}
else if (function_exists('finfo_file')) {
$finfo = finfo_open(FILEINFO_MIME); // return mime type
$mtype = finfo_file($finfo, $file_path);
finfo_close($finfo);
}
if ($mtype == '') {
$mtype = "application/force-download";
}
}
else {
// get mime type defined by admin
$mtype = $allowed_ext[$fext];
}
// Browser will try to save file with this filename, regardless
original filename.
// You can override it if needed.
if (!isset($_GET['fc']) || empty($_GET['fc'])) {
$asfname = $fname;
}
else {
// remove some bad chars
$asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
if ($asfname === '') $asfname = 'NoName';
}
// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
// download
// @readfile($file_path);
$file = @fopen($file_path,"rb");
if ($file) {
while(!feof($file)) {
print(fread($file, 1024*8));
flush();
if (connection_status()!=0) {
@fclose($file);
die();
}
}
@fclose($file);
}
// log downloads
if (!LOG_DOWNLOADS) die();
$f = @fopen(LOG_FILE, 'a+');
if ($f) {
@fputs($f, date("m.d.Y g:ia")." ".$_SERVER['REMOTE_ADDR']." ".
$fname."\n");
@fclose($f);
}
?>
many thanks before.
|
|
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175974 is a reply to message #175964] |
Sat, 12 November 2011 06:28  |
ddk
Messages: 3
Registered: November 2011
Karma: 0
|
Junior Member |
|
|
On Nov 11, 3:21 pm, "Álvaro G. Vicario"
<alvaro.NOSPAMTH...@demogracia.com.invalid> wrote:
> El 10/11/2011 18:38, ddk escribió/wrote:
>
>> i'm new in php. and i need to apply simple script from this link.
>> http://www.zubrag.com/scripts/download.php
>
>> i use xampp 1.7.7 in windows 2000 server with public IP
>
>> What would be my BASE_DIR location if my files that i want downloading
>> are stored in C:\xampp\htdocs\test123
> [...]
>> // Download folder, i.e. folder where you keep all files for download.
>> // MUST end with slash (i.e. "/" )
>> define('BASE_DIR','/home/user/downloads/');
>
> Have you tried 'C:\xampp\htdocs\test123\'?
>
> --
> --http://alvaro.es- Álvaro G. Vicario - Burgos, Spain
> -- Mi sitio sobre programación web:http://borrame.com
> -- Mi web de humor satinado:http://www.demogracia.com
> --
yes and say "File does not exist. Make sure you specified correct
file name."
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175975 is a reply to message #175960] |
Sat, 12 November 2011 08:21 |
houghi
Messages: 45
Registered: September 2011
Karma: 0
|
Member |
|
|
ddk wrote:
> hello all,
>
> i'm new in php. and i need to apply simple script from this link.
> http://www.zubrag.com/scripts/download.php
>
> i use xampp 1.7.7 in windows 2000 server with public IP
>
> What would be my BASE_DIR location if my files that i want downloading
> are stored in C:\xampp\htdocs\test123
Put a file (e.g. dir.php) in C:\xampp\htdocs\test123:
<?php echo getcwd(); ?>
Now browse to e.g. http://example.com/test123/dir.php and see what the
output is. That should probably be what you need to use.
I have no Windows, so don't blame me if it doesn't work. ;-)
houghi
--
Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe-inspiring, entertaining, and a source of
mind-boggling amounts of excrement when you least expect it.
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175976 is a reply to message #175975] |
Sat, 12 November 2011 09:20 |
houghi
Messages: 45
Registered: September 2011
Karma: 0
|
Member |
|
|
houghi wrote:
>> What would be my BASE_DIR location if my files that i want downloading
>> are stored in C:\xampp\htdocs\test123
>
> Put a file (e.g. dir.php) in C:\xampp\htdocs\test123:
> <?php echo getcwd(); ?>
>
> Now browse to e.g. http://example.com/test123/dir.php and see what the
> output is. That should probably be what you need to use.
The obvious strength of this script is that you can place the files
outside of your browsable directories.
e.g. I have set it to :
define('BASE_DIR','/tmp/');
/tmp is not browsable from the outside world.
This means that the above solution of dir.php might not work. However
with the filenames, it might look as it would be and it should at least
give you an indication of what to use in all other cases like
C:\not\inside\http.
No idea what it would be if the files would be on D:\files_to_download\
I have also edited the 'date' part in the log to look like what I have
in my other logfiles. I would at least add seconds to the logs.
houghi
--
This is written under the inluence of the following:
> Artist : Philip Glass
> Song : 1962 Body Building
> Album : Mishima
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175977 is a reply to message #175960] |
Sat, 12 November 2011 12:58 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11/10/2011 12:38 PM, ddk wrote:
> hello all,
>
> i'm new in php. and i need to apply simple script from this link.
> http://www.zubrag.com/scripts/download.php
>
> i use xampp 1.7.7 in windows 2000 server with public IP
>
> What would be my BASE_DIR location if my files that i want downloading
> are stored in C:\xampp\htdocs\test123
>
>
'C:/xampp/htdocs/test123/'
But you should keep the files outside of your website directory -
otherwise people can download them directly if they figure out the path.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175982 is a reply to message #175977] |
Mon, 14 November 2011 09:48 |
ddk
Messages: 3
Registered: November 2011
Karma: 0
|
Junior Member |
|
|
On Nov 12, 7:58 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 11/10/2011 12:38 PM, ddk wrote:
>
>> hello all,
>
>> i'm new in php. and i need to apply simple script from this link.
>> http://www.zubrag.com/scripts/download.php
>
>> i use xampp 1.7.7 in windows 2000 server with public IP
>
>> What would be my BASE_DIR location if my files that i want downloading
>> are stored in C:\xampp\htdocs\test123
>
> 'C:/xampp/htdocs/test123/'
>
> But you should keep the files outside of your website directory -
> otherwise people can download them directly if they figure out the path.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================
got this, i use xammp in other PC without IP public and successful
with BASE_DIR 'C:/xampp/htdocs/test123/files'
and download files in "files" folder under folder "test123"
but when i set the same configuration with my xammp with IP public ,
it's still get error page below :
Warning: opendir(C:\xampp\htdocs\test123\files) [function.opendir]:
failed to open dir: No such file or directory in E:\xampp\htdocs
\test123\download.php on line 98
Warning: readdir() expects parameter 1 to be resource, boolean given
in E:\xampp\htdocs\test123\download.php on line 100
File does not exist. Make sure you specified correct file name.
it's there any security that i should be allow to access the
directory.
thank you and appreciate for your help.
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175988 is a reply to message #175982] |
Mon, 14 November 2011 12:35 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 11/14/2011 4:48 AM, ddk wrote:
> On Nov 12, 7:58 pm, Jerry Stuckle<jstuck...@attglobal.net> wrote:
>> On 11/10/2011 12:38 PM, ddk wrote:
>>
>>> hello all,
>>
>>> i'm new in php. and i need to apply simple script from this link.
>>> http://www.zubrag.com/scripts/download.php
>>
>>> i use xampp 1.7.7 in windows 2000 server with public IP
>>
>>> What would be my BASE_DIR location if my files that i want downloading
>>> are stored in C:\xampp\htdocs\test123
>>
>> 'C:/xampp/htdocs/test123/'
>>
>> But you should keep the files outside of your website directory -
>> otherwise people can download them directly if they figure out the path.
>>
>
> got this, i use xammp in other PC without IP public and successful
> with BASE_DIR 'C:/xampp/htdocs/test123/files'
> and download files in "files" folder under folder "test123"
>
>
> but when i set the same configuration with my xammp with IP public ,
> it's still get error page below :
>
>
>
> Warning: opendir(C:\xampp\htdocs\test123\files) [function.opendir]:
> failed to open dir: No such file or directory in E:\xampp\htdocs
> \test123\download.php on line 98
>
> Warning: readdir() expects parameter 1 to be resource, boolean given
> in E:\xampp\htdocs\test123\download.php on line 100
> File does not exist. Make sure you specified correct file name.
>
>
> it's there any security that i should be allow to access the
> directory.
>
> thank you and appreciate for your help.
Yes, Windows security could be stopping it - you need to check that out
in a Windows administration newsgroup.
But it looks like you're files are on an entirely different drive (E:)
on your public server.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: Smart File Downloader - simple script on xampp [message #175994 is a reply to message #175982] |
Mon, 14 November 2011 13:47 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Mon, 14 Nov 2011 01:48:13 -0800, ddk wrote:
> On Nov 12, 7:58 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> But you should keep the files outside of your website directory -
>> otherwise people can download them directly if they figure out the
>> path.
> got this, i use xammp in other PC without IP public and successful with
> BASE_DIR 'C:/xampp/htdocs/test123/files' and download files in "files"
> folder under folder "test123"
No, you didn't understand what Jerry was saying.
c:/xampp/htdocs and everything below it is your website.
Jerry is suggesting that you store your downloads somewhere like:
c:/xampp/private/downloads
And then set BASE_DIR as "c:/xampp/private/downloads"
Your method: people can download files using:
http://your-host-name-or-ip/test123/files/filename.ext
Jerry's method, they can't, they *must* use your downloads.php
> but when i set the same configuration with my xammp with IP public ,
> it's still get error page below :
>
> Warning: opendir(C:\xampp\htdocs\test123\files) [function.opendir]:
> failed to open dir: No such file or directory in E:\xampp\htdocs
> \test123\download.php on line 98
For some reason, although you're defining drive C:, it seems to be
looking on drive E:. This suggests something is misconfigured, but as my
experience is more with linux than windows, I can't offer any help.
I suspect you may be suffering path confusion due to running a server on
one machine that is accessing files on another machine across some
microsoft networking implementation.
If you open a command prompt /on the machine that the web server is
running on/, what happens if you try to enter the following commands in
exactly the following sequence:
e:
cd \
cd xampp
cd htdocs
cd test123
dir
cd files
dir
If you get an error after entering any command(s), which command(s), and
what was the error?
> Warning: readdir() expects parameter 1 to be resource, boolean given in
> E:\xampp\htdocs\test123\download.php on line 100 File does not exist.
> Make sure you specified correct file name.
This is telling you that the argument to readdir() is wrong. Look at line
100 of download.php, and trace back to where the relevant argument is
being assigned (if a variable) or defined (if a constant).
> it's there any security that i should be allow to access the directory.
Your web server process will need read access to the directory and the
files in it. If it's trying to handle uploads too, it will also need
write access to the directory.
Rgds
Denis McMahon
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]