PHP force downloads and updates DECISION does not work

Ultimate goal: Click the link on page 1, eventually download the file and refresh page 1. Use PHP to serve downloads of files that are not in the public html directory.

An approach:

Page 1. Links to page 2, passing a GET variable that references the file I'm working with.

Page 2. Updates the corresponding SQL databases with the information that must be updated before page 1 is updated. Set the first pass session variable. Set the session variable "getvariablereference" from the get variable. Redirect to page 1.

Page 1. If the first session variable is set. Set the second pass session variable. Cancel the first pass variable. Refresh the page. When you reload, the page will be rebuilt using the updated SQL database information (changed on page 2.).

Updated Page 1. If a second pass session variable is set. Run the boot header sequence.

This is page 1. I am not showing the part of page 1 that has the start link, because it does not matter.

// REFRESH IF FIRSTPASS IS LIVE
if ($_SESSION["PASS1"] == "YES") {
    $_SESSION["PASS1"] = "no";
    $_SESSION["PASS2"] = "YES";
    echo "<script>document.location.reload();</script>";
}
if ($_SESSION["PASS2"] == "YES") {
    // Grab reference data from session:
    $id = $_SESSION['passreference'];
    // Serve the file download
    // First find the file location
    $query = "SELECT * from rightplace WHERE id = '$id'";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    $filename = $row['file'];
    $uploader = $row['uploader'];
    // Setting up download variables
    $string1 = "/home/domain/aboveroot/";
    $string2 = $uploader;
    $string3 = '/';
    $string4 = $filename;
    $file = $string1.$string2.$string3.$string4;
    $ext = strtolower(end(explode('.', $filename)));
    // Finding MIME type (the filename in Content-Disposition must be double-quoted)
    if ($ext == "pdf" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: application/pdf');
        readfile($file);
    }
    if ($ext == "doc" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: application/msword');
        readfile($file);
    }
    if ($ext == "txt" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: text/plain');
        readfile($file);
    }
    if ($ext == "rtf" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: application/rtf');
        readfile($file);
    }
    if ($ext == "docx" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: application/vnd.openxmlformats-officedocument.wordprocessingml.document');
        readfile($file);
    }
    if ($ext == "pptx" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: application/vnd.openxmlformats-officedocument.presentationml.presentation');
        readfile($file);
    }
    if ($ext == "ppt" && file_exists($file)) {
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: application/vnd.ms-powerpoint');
        readfile($file);
    }
}

The script on page 2 is working correctly. It updates the SQL database and redirects to the main page. I also verified that it sets $_SESSION['passreference'] correctly, and nothing on page 1 will be undone.

, . . , , 2 . 1, , . , script ( ).

:

  • - , ?

  • - ?

+5
3

PHP-. , . , , , . , , , , PHP, .

  • window.location.reload(); document.location...
  • () - . HTML, . . , ( SQL) . . (, ).
  • $id. (), ; , .
  • "$ id = addslashes ($ id)"; . , $id = "' 1 (SQL-Injection), . , , .
  • $result . , , script , () - , . , SQL, . .
  • , $. , $id ( ).
  • $filepath = $rootpath. "/". $uploader. "/". $ ; $rootpath , "/" ; ...
  • MIME- , "if-then" -, . ... .
  • MIME- (Content-Type: "application/octet-stream), .
  • _exists() $, , ...

, :

<?php

// Assumes session_start() and the mysql_connect()/mysql_select_db() calls
// have already run earlier on this page.

function error($message, $info = "") {
  echo "ERROR: $message<br>";
  echo "PRIVATE-INFO: $info"; // probably you only want to log that into a file?
  exit;
}

// REFRESH IF FIRSTPASS IS LIVE
if ($_SESSION["PASS1"] == "YES") {
  $_SESSION["PASS1"] = "no";
  $_SESSION["PASS2"] = "YES";
  echo "<script>window.location.reload();</script>";
  exit;
}


if ($_SESSION["PASS2"] == "YES") {
  // Grab reference data from session:
  $id = $_SESSION['passreference'];

  if (!$id) error("Internal Error ('id' not set)");

  // Select file location from DB
  $id = addslashes($id);
  $query = "SELECT * from rightplace WHERE id = '$id'";
  $result = mysql_query($query);

  if (!$result) error("DB-query execution error", mysql_error());

  $row = mysql_fetch_array($result);
  mysql_free_result($result);

  if (!$row) error("File with ID '$id' was not found in DB.");

  $filename = $row['file'];
  $uploader = $row['uploader'];

  // Setting up download variables
  $rootpath = "/home/domain/aboveroot";
  $filepath = $rootpath . "/" . $uploader . "/" . $filename;
  // pathinfo() avoids the "only variables should be passed by reference"
  // notice that end(explode(...)) raises
  $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

  // Serve the file download

  // List of known extensions and their MIME-types...
  $typelist = array(
      "pdf"  => "application/pdf",
      "doc"  => "application/msword",
      "txt"  => "text/plain",
      "rtf"  => "application/rtf",
      "docx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
      "pptx" => "application/vnd.openxmlformats-officedocument.presentationml.presentation",
      "ppt"  => "application/vnd.ms-powerpoint"
  );

  // set default content-type
  $type = "application/octet-stream";

  // for known extensions, assign specific content-type
  if (isset($typelist[$ext])) $type = $typelist[$ext];

  if (file_exists($filepath)) {
    // the filename parameter must be double-quoted, not single-quoted
    header("Content-disposition: attachment; filename=\"$filename\"");
    header("Content-type: $type");
    readfile($filepath);
    exit; // nothing may follow the file body, or the download is corrupted
  } else {
    error("Error: File '$filepath' was not found!", $filepath);
  }
}

?>

:

  • , . , , , , PHP script HTML. , php "chrooted" , "/" , . "/home/username/". , "/home/username/dir/file", "/dir/file" PHP . , "/home/username/html"; "html". , HTML ".htaccess". "DENY FROM ALL", ( ). Apache. ... http://www.php.net/manual/en/ini.core.php#ini.open-basedir

  • , ( ) , script . ( linux) PHP , , "", script. "ftp" , , ftp-. , . = > : , - (, "www-data", "www-run" "apache" ). , , , script .

  • move_uploaded_file (...), : www.php.net/manual/en/function.move-uploaded-file.php; , .
0
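The answer above touches four points that decide whether a download handler like this is safe: how the id reaches the SQL query, how the path is assembled from database columns, which Content-Type is sent, and what happens after readfile(). The following is an added example written for this page, not code from the question or the answer. It assumes PHP 7.1+, a PDO connection already in `$pdo`, that session_start() has run, the `rightplace` table with its `id`, `file` and `uploader` columns from the question, and the same `/home/domain/aboveroot/<uploader>/<file>` layout. It uses a prepared statement instead of addslashes(), confines the resolved path to the storage root, and sends the file from one endpoint so the PASS1/PASS2 reload is not needed.

```php
<?php
// Added example: a single, hardened download endpoint. Page 2 can redirect
// straight here after its SQL update instead of bouncing through page 1 twice.
// Assumptions: PHP 7.1+, $pdo is a PDO handle, session_start() already ran.

function send_download(PDO $pdo, string $rootpath, string $id): void
{
    // 1. Parameterised query: the id is bound, never spliced into the SQL text,
    //    so no addslashes()/escaping is involved.
    $stmt = $pdo->prepare('SELECT file, uploader FROM rightplace WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);
        exit('File not found');
    }

    // 2. Confine the path. Both columns were written by an upload form at some
    //    point, so treat them as untrusted even though they come from the DB.
    $path = confine_path($rootpath, $row['uploader'], $row['file']);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        exit('File not found');
    }

    // 3. Content-Type from a whitelist; anything unknown is a generic download.
    $type = mime_for_extension($row['file']);

    // 4. Quoted filename with quote/CR/LF stripped, explicit length, no content
    //    sniffing by the browser, then the body and nothing else.
    $safeName = str_replace(['"', "\r", "\n"], '', basename($row['file']));
    header('Content-Type: ' . $type);
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}

// Returns the real path of $root/$uploader/$file, or null if either piece
// contains a separator or parent reference, or the resolved path (after
// symlinks) lies outside $root.
function confine_path(string $root, string $uploader, string $file): ?string
{
    foreach ([$uploader, $file] as $part) {
        if ($part === '' || $part === '.' || $part === '..' || strpbrk($part, "/\\\0") !== false) {
            return null;
        }
    }
    $realRoot = realpath($root);
    $real     = realpath($root . '/' . $uploader . '/' . $file);
    if ($realRoot === false || $real === false) {
        return null;
    }
    return strpos($real, $realRoot . DIRECTORY_SEPARATOR) === 0 ? $real : null;
}

// Extension-to-type whitelist (the same set the question handles).
function mime_for_extension(string $filename): string
{
    static $types = [
        'pdf'  => 'application/pdf',
        'doc'  => 'application/msword',
        'txt'  => 'text/plain',
        'rtf'  => 'application/rtf',
        'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
        'ppt'  => 'application/vnd.ms-powerpoint',
    ];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $types[$ext] ?? 'application/octet-stream';
}

// Entry point: the reference set by page 2 is read once and the file is sent.
if (isset($_SESSION['passreference'])) {
    send_download($pdo, '/home/domain/aboveroot', (string) $_SESSION['passreference']);
}
```

The realpath() comparison is what actually enforces the storage root: a stored `uploader` or `file` value containing `../` is rejected before the filesystem is touched, and a symlink inside the tree that points elsewhere fails the prefix check after resolution. The `exit` after readfile() is not optional; any HTML emitted after the body ends up inside the downloaded file.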

- , , , , . ? header() , .

, , /, . , , , :

  • 1 , 1
  • 1 3 , .

.

+6

, $ext $file , .
"" , .
, "//Finding MIME type":

$log  = "file='".$file."'\n";
$log .= "ext='".$ext."'\n";
@file_put_contents("/tmp/page1.log", $log, FILE_APPEND);

, "/tmp/page1.log", , $file $ext .
"/tmp/page1.log" , , linux; , "file_put_contents" .
, "if" :

$content_types = array(
    "pdf"  => "application/pdf",
    "doc"  => "application/msword",
    "txt"  => "text/plain",
    "rtf"  => "application/rtf",
    "docx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "pptx" => "application/vnd.openxmlformats-officedocument.presentationml.presentation",
    "ppt"  => "application/vnd.ms-powerpoint"
);

if (isset($content_types[$ext])) {
    if (file_exists($file)) {
        // the filename parameter must be double-quoted
        header("Content-disposition: attachment; filename=\"$filename\"");
        header('Content-type: '.$content_types[$ext]);
        readfile($file);
        die("");
    } else {
        die("** '".$file."' does not exist **");
    }
} else {
    die("** Unhandled '".$ext."' extension **");
}

, , die(), , .
, , , ; , PHP Fileinfo.
.
, file_exists FALSE file_exists ; . clearstatcache() PHP.

+3
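The answer above suggests two things beyond the extension table: using PHP's Fileinfo extension to determine the type, and calling clearstatcache() when file_exists() keeps returning FALSE for a file that is there. The following is an added example for this page, not the answerer's code. It assumes the Fileinfo extension is enabled; the sample file it writes is constructed in the system temp directory and removed afterwards.

```php
<?php
// Added example: decide the Content-Type from the file's bytes rather than its
// name, and check existence with the stat cache cleared for that path.
// Assumes the Fileinfo extension (finfo_*) is available.

// Detect the MIME type from file contents; fall back to a generic type when
// Fileinfo is missing or libmagic cannot classify the file.
function detect_mime(string $path): string
{
    if (!function_exists('finfo_open')) {
        return 'application/octet-stream';
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = $finfo ? finfo_file($finfo, $path) : false;
    if ($finfo) {
        finfo_close($finfo);
    }
    return ($mime === false || $mime === '') ? 'application/octet-stream' : $mime;
}

// If the bytes disagree with what the extension promises, send the generic type
// so the client does not render content the name lied about.
function negotiate_type(string $path, string $typeFromExtension): string
{
    $detected = detect_mime($path);
    return $detected === $typeFromExtension ? $detected : 'application/octet-stream';
}

// Existence check that discards the cached stat result for this path first
// (clearstatcache with a filename argument needs PHP 5.3+), so a file created
// after an earlier failed check in the same request is seen.
function file_is_servable(string $path): bool
{
    clearstatcache(true, $path);
    return is_file($path) && is_readable($path);
}

// One-line diagnostic record, in the spirit of the /tmp/page1.log suggestion.
// $logfile must be outside the web root; never log session or DB credentials.
function debug_log(string $logfile, array $fields): void
{
    $line = date('c');
    foreach ($fields as $name => $value) {
        $line .= ' ' . $name . '=' . json_encode($value);
    }
    error_log($line . "\n", 3, $logfile);
}

// Self-check on a constructed file: first a minimal PDF header, then HTML
// written to the same ".pdf"-claimed path.
$tmp = tempnam(sys_get_temp_dir(), 'dl');
file_put_contents($tmp, "%PDF-1.4\n% constructed sample, not a real document\n");
$asPdf = negotiate_type($tmp, 'application/pdf');
file_put_contents($tmp, "<html><body>constructed, not a pdf</body></html>\n");
$asFake = negotiate_type($tmp, 'application/pdf');
debug_log(sys_get_temp_dir() . '/page1.log', [
    'file'     => $tmp,
    'pdf'      => $asPdf,
    'fake'     => $asFake,
    'servable' => file_is_servable($tmp),
]);
unlink($tmp);
```

With libmagic present, the first call returns `application/pdf` because the content starts with `%PDF-`, and the second falls back to `application/octet-stream` because the detected type no longer matches the extension's claim. Pair the detected type with `X-Content-Type-Options: nosniff` on the response so the decision made here is the one the browser honours.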
