My PHP download creates a 1K file

I found some code to download a file from outside of my root folder - which I like very much :-)  Q_23598461.html

I'm trying to allow logged in users to download a zipped file.   I use a session variable in my test code.  It appears to find the file, but the downloaded file is only 1Kb.

$filename = '../private/test/'.$_SESSION['Download'];
if(isset($_SESSION['Download']) && file_exists($filename))

if(file_exists($filename))
      {
            header("Content-Disposition: attachment; filename=\"".$_SESSION['Download']."\";" );
            header("Content-Transfer-Encoding: binary");
            header("Content-Type: application/zip");
            header("Content-Length: ".filesize($filename));
            include('../private/test/'.$_SESSION['Download']);

      }
else { print 'You cannot access this file directly!'; }
ChampagneGalAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy PooleCommented:
Try this:
$filename = '../private/test/'.$_SESSION['Download'];
if(isset($_SESSION['Download']) && file_exists($filename))

if(file_exists($filename))
      {
            header("Content-Disposition: attachment; filename=\"".$_SESSION['Download']."\";" );
            header("Content-Transfer-Encoding: binary");
            header("Content-Type: application/zip");
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($filename));
            readfile($filename);
            exit;
      }
else { print 'You cannot access this file directly!'; }

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chris HarteThaumaturgeCommented:
That is not the code you were given in Q_23598461.html. Lose the extraneous if and the zip type, which will try to open the zip file rather than transfer it.

$filename = '../private/test/'.$_SESSION['Download'];

if (isset($_SESSION['Download']) 
    && file_exists($filename))
{
    header("Content-Disposition: attachment; filename=\"".$_SESSION['Download']."\";" );
    header("Content-Transfer-Encoding: binary");
   // header("Content-Type: application/zip");
    header("Content-Length: ".filesize($filename));
    include('../private/test/'.$_SESSION['Download']);
}
else 
{ 
    print 'You cannot access this file directly!'; 
}

Open in new window

0
Randy PooleCommented:
Actually "Content-Disposition: attachment" tells the browser to download the file instead of open it.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Ray PaseurCommented:
How to protect a script so that only the "logged-in" users can run it:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

How to force a download:
<?php // demo/temp_drdammit.php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('log_errors',     TRUE);


// DEMONSTRATE HOW TO CAUSE A FILE DOWNLOAD


// REQUIRED FOR USE WITH THE PHP date() FUNCTIONS
date_default_timezone_set('America/New_York');

// A FILE TO DOWNLOAD - THIS LINK COULD COME IN THE URL VIA $_GET, OR COULD BE GENERATED INSIDE THE SCRIPT
$url = 'http://www.IcoNoun.com/demo/short_text_file.txt';

// THE USE CASE FOR THE FUNCTION
force_download($url);


// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($url, $filename='whatever.txt')
{
    $hdr = get_headers($url, TRUE);
    $len = trim($hdr['Content-Length']);
    $fpr = fopen($url,'rb');

    // SUCCESS
    if ($fpr)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=$filename");
        header("Content-length: $len");
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // WRITE THE FILE
        fpassthru($fpr);
    }

    // ERROR
    else
    {
        trigger_error("ERROR: UNABLE TO OPEN $url", E_USER_ERROR);
    }
}

Open in new window

0
gr8gonzoConsultantCommented:
And also, Randy is correct that readfile() should be used if you're trying to stream the contents of a file. Include() will process that file as a PHP script.
0
ChampagneGalAuthor Commented:
Thank you SOOOOO much.   It works beautifully :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.