Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 559
  • Last Modified:

My PHP download creates a 1K file

I found some code to download a file from outside of my root folder - which I like very much :-)  Q_23598461.html

I'm trying to allow logged in users to download a zipped file.   I use a session variable in my test code.  It appears to find the file, but the downloaded file is only 1Kb.

$filename = '../private/test/'.$_SESSION['Download'];
if(isset($_SESSION['Download']) && file_exists($filename))

if(file_exists($filename))
      {
            header("Content-Disposition: attachment; filename=\"".$_SESSION['Download']."\";" );
            header("Content-Transfer-Encoding: binary");
            header("Content-Type: application/zip");
            header("Content-Length: ".filesize($filename));
            include('../private/test/'.$_SESSION['Download']);

      }
else { print 'You cannot access this file directly!'; }
0
ChampagneGal
Asked:
ChampagneGal
1 Solution
 
Randy PooleCommented:
Try this:
$filename = '../private/test/'.$_SESSION['Download'];
if(isset($_SESSION['Download']) && file_exists($filename))

if(file_exists($filename))
      {
            header("Content-Disposition: attachment; filename=\"".$_SESSION['Download']."\";" );
            header("Content-Transfer-Encoding: binary");
            header("Content-Type: application/zip");
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($filename));
            readfile($filename);
            exit;
      }
else { print 'You cannot access this file directly!'; }

Open in new window

0
 
Chris HarteThaumaturgeCommented:
That is not the code you were given in Q_23598461.html. Lose the extraneous if and the zip type, which will try to open the zip file rather than transfer it.

$filename = '../private/test/'.$_SESSION['Download'];

if (isset($_SESSION['Download']) 
    && file_exists($filename))
{
    header("Content-Disposition: attachment; filename=\"".$_SESSION['Download']."\";" );
    header("Content-Transfer-Encoding: binary");
   // header("Content-Type: application/zip");
    header("Content-Length: ".filesize($filename));
    include('../private/test/'.$_SESSION['Download']);
}
else 
{ 
    print 'You cannot access this file directly!'; 
}

Open in new window

0
 
Randy PooleCommented:
Actually "Content-Disposition: attachment" tells the browser to download the file instead of open it.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Ray PaseurCommented:
How to protect a script so that only the "logged-in" users can run it:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

How to force a download:
<?php // demo/temp_drdammit.php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('log_errors',     TRUE);


// DEMONSTRATE HOW TO CAUSE A FILE DOWNLOAD


// REQUIRED FOR USE WITH THE PHP date() FUNCTIONS
date_default_timezone_set('America/New_York');

// A FILE TO DOWNLOAD - THIS LINK COULD COME IN THE URL VIA $_GET, OR COULD BE GENERATED INSIDE THE SCRIPT
$url = 'http://www.IcoNoun.com/demo/short_text_file.txt';

// THE USE CASE FOR THE FUNCTION
force_download($url);


// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($url, $filename='whatever.txt')
{
    $hdr = get_headers($url, TRUE);
    $len = trim($hdr['Content-Length']);
    $fpr = fopen($url,'rb');

    // SUCCESS
    if ($fpr)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=$filename");
        header("Content-length: $len");
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // WRITE THE FILE
        fpassthru($fpr);
    }

    // ERROR
    else
    {
        trigger_error("ERROR: UNABLE TO OPEN $url", E_USER_ERROR);
    }
}

Open in new window

0
 
gr8gonzoConsultantCommented:
And also, Randy is correct that readfile() should be used if you're trying to stream the contents of a file. Include() will process that file as a PHP script.
0
 
ChampagneGalAuthor Commented:
Thank you SOOOOO much.   It works beautifully :-)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now