
Download-Forcer

By abigail
on July 9, 2003

Version: 1.3

Type: Sample Code (HOWTO)

Category: File Management

License: GNU General Public License

Description: Forces the web client to download the requested file, keeping its filename.

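<?php
 /*******************************************************************
  * download.php
  * -- modified by Abbie
  *
  * This PHP script sends a file in such a way that most web clients
  * will offer to download the file to the client computer. It uses
  * the Content-Disposition header extension to RFC2616
  * (see http://www.w3.org/Protocols/rfc2616/rfc2616.html)
  * to suggest the web client should download the file. This is
  * implemented on most (but not all) web clients. I have tested it
  * on Mozilla, Netscape 4.78 and 6.21, Internet Explorer 5.5, lynx,
  * Konqueror and Opera. It works fully on all.
  *
  * Usage: download.php?filename=name_of_file.extension
  *
  * Examples: to download the SPSS file data.sav from index.html
  * where download.php, index.html and data.sav are all in the
  * same directory, put a link in index.html of the form
  * <a href="download.php?filename=data.sav">Download SPSS data file</a>.
  * Paths are accepted in the filename as long as they resolve to a
  * file inside $downloadRoot (see below), as in
  * <a href="download.php?filename=files/data.sav">Download data</a>.
  *
  * You can specialise the code by putting a line of the form
  * $filename="data.sav";
  * immediately after this comment. This will allow you to send
  * exactly one file for download, viz data.sav.
  *
  * The file name is read from the "filename" request parameter
  * (GET first, then POST) unless $filename was hard-coded as
  * described above. The script no longer depends on
  * register_globals.
  *
  * Restrictions: the request is refused when the name, or the
  * resolved path below $downloadRoot, contains (case-insensitively,
  * anywhere in the string) htm, html, phtm, phtml, inc or php. This
  * is to avoid potential security problems. For example, it is
  * possible to use a PHP file to hide sensitive data such as the
  * password to connect to an SQL server. If we allowed this script
  * to offer php scripts for download, then a client request of the
  * form http://../download.php?filename=sensitive.php could show
  * the raw php file. Because the match is on substrings, a directory
  * called "include" is refused as well.
  *
  * Security issues: the filename comes straight from the client, so
  * a deny-list of extensions alone would let a client fetch any
  * other readable file (absolute paths, "../" sequences, dot-files
  * such as .htaccess). The script therefore resolves the requested
  * path with realpath() and serves it only when it is a regular file
  * inside $downloadRoot and no path component below that root starts
  * with a dot. The deny-list is kept as a second layer; it is not a
  * substitute for an allow-list. If in doubt, define $filename
  * immediately after this comment and use a separate script for
  * each downloadable file. I've tried using
  * header( "Location: ... " ) to retrieve the file. It doesn't
  * work on a solaris server, but does work on gnu/linux.
  *******************************************************************/

// Directory that downloads are confined to. Edit this line to serve
// from another directory; keep it as narrow as possible and never point
// it at a directory holding configuration or source files.
$downloadRoot = dirname( __FILE__ );

// Use the request parameter only when $filename was not hard-coded above.
if( !isset( $filename ) ){
  if( isset( $_GET['filename'] ) ){
    $filename = $_GET['filename'];
  } elseif( isset( $_POST['filename'] ) ){
    $filename = $_POST['filename'];
  } else {
    $filename = '';
  }
}

// A request parameter may arrive as an array (filename[]=x) and may carry
// NUL bytes; neither is a usable path, so treat both as "no file".
if( !is_string( $filename ) || strpos( $filename, "\0" ) !== false ){
  $filename = '';
}

$shortname = basename( $filename );

// Resolve symlinks and "../" before any decision is taken, so the checks
// run against the file that would really be read.
$rootPath = realpath( $downloadRoot );
$realPath = ( $filename !== '' ) ? realpath( $filename ) : false;

$allowed = false;
if( $rootPath !== false && $realPath !== false && is_file( $realPath ) ){
  $prefix = rtrim( $rootPath, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;

  // Containment check: the resolved file must live below the download root.
  if( strncmp( $realPath, $prefix, strlen( $prefix ) ) === 0 ){
    $relative = substr( $realPath, strlen( $prefix ) );

    // Same substring deny-list as the original eregi() calls (eregi was
    // removed in PHP 7). It is applied to the name as requested and to the
    // resolved path below the root, never to the root itself, which may
    // legitimately contain "html".
    $denied = '/p?html?|inc|php3?/i';

    // Hidden files and directories (.htaccess, .git, ...) are never served.
    $hidden = '#(^|[/\\\\])\.#';

    $allowed = !preg_match( $denied, $filename )
            && !preg_match( $denied, $relative )
            && !preg_match( $hidden, $relative );
  }
}

if( $allowed ){
  // Control characters, double quotes and backslashes would break out of
  // the quoted filename parameter, so they are replaced before use.
  $safeName = preg_replace( '/[\x00-\x1F\x7F"\\\\]/', '_', $shortname );

  header( 'Content-Type: application/octet-stream' );
  // Stop the client from sniffing the body and rendering it inline.
  header( 'X-Content-Type-Options: nosniff' );
  header( 'Content-Disposition: attachment; filename="' . $safeName . '"' );

  // readfile() streams the file itself and returns a byte count, not a
  // handle, so there is nothing to hand to fpassthru().
  readfile( $realPath );
  exit;
}

// One response for "missing" and "refused", so the page does not reveal
// which files exist on the server.
header( 'HTTP/1.1 404 Not Found' );
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD 4.01 Transitional//EN"
   "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Download Error</title>
 <style type="text/css">
   <!--
   body {background-image:url(include/background.gif);
         font-family:helvetica,arial,sans-serif}
   a:hover {text-decoration:none; border-width:thin; border-style:dotted;
            background-color:#f2f2ff; color:#000000}
   a:focus {text-decoration:none; background-color:#dadae6; color:#000000}
   a:active {text-decoration:none; background-color:#ffffff; color:#000000}
   -->
 </style>
</head>
<body>
<h1>File <?php /* client-supplied name: escape before echoing into HTML */ echo htmlspecialchars( $shortname, ENT_QUOTES, 'UTF-8' ); ?> not available</h1>
<p>
  Either the file you requested does not exist or you are not permitted to
  download it using this page.
</p>
</body>
</html>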