Thread: Help needed!! htaccess question

OK I usually do VB but now have a serious prb.

I want to be able to have potential clients download my programs from the net. At my ISP, the admin moved the exe files I had for download into a folder that is outside of the virtual root, so that not anybody could access them via a normal url. The structure is like this:

+/Private folder
| +--Program.exe
|
+---/Virtual root

Now all my .htm files etc are in the virtual root but how can I get scripts to download the program when it has been moved outside the root??

I need somebody to walk me through this PLEEZ!!

Thanks in advance...

direct links?

If they cant access them from a normal URL you could create a page the opens the file and sends it to their browser, like the data was stored in a database.

Well I tried accessing the program by using a link from the virtual root as such:


http://www.server.com/../program.exe, but that does not work. My point is how to reference the file at that position. I wouldn't mind a redirection script at all, but the prb is I donlt quite know how to do it.

How would I create this redirection when I cannot access the file to download from an url???

Your help would be most appreciated!!!

Tks...


I have heard of other people using htaccess files but after searching I have found they are not the best option and this is not the solution here, as the method to protect the file is already in place. Just too protected that I also can't get at it!!!

ok, so you're not going for a direct link.

how about using $_SERVER["SERVER_NAME"]

to get the www.server.com bit, then add on the rest.

Hi Acidic

I think the moral of the story is that the files are not externally accessible from any webbrowser using any url.

I have read one very bad exmple on the net about a php script that sends back headers to the client. In the headers it showed that the mime type was x-application or something similar. I think the browser is supposed to receive the headers that also contain the file information to download, and then begin dolwnloading the file. Kinda like the server is taking control instead of the client. In lieu of this, what John said sounds right. But practically I do not know how to implement this...

Code:

<?php
header('Content-type: application/octet-stream');
readfile('c:\path\to.exe');
?>

This should in theory work. The browser might not download it, though. If it does, it will very likely recommend the name of your script as filename, not the name of the exe. See the documentation of the header function in PHP for a possible solution.

Of course your web server needs access rights to the exe file.


But isn't the real problem here that your server admin moved a file without asking you? If you want the file in the virtual root, why shouldn't it be there?

PHP Code:

<?
if(!empty($_REQUEST['ID'])){

$files = array(
        "1" => 'test.jpg',
        "app" => 'filename.exe'
        );
//array of files you want be downloaded
//also u can create your own ID tag for them


header('Content-Type: application/octet-stream');
header ("Content-Disposition: attachment; filename=".$files[$_REQUEST['ID']]); 

$path = "c:\\inetpub\\htdocs\\php\\";
//path to the folder where your files are

$fp = fopen($path.$files[$_REQUEST['ID']],'r');
while(!feof($fp))
    echo fread($fp,1024);
}
?>

Thanks a stack for your responses

John and CornedBee, both you guys are right..
I continued searching more and finally came up with something similar at the link below:

http://www.bme.ie/resource/php/phpap...ownload_en.htm


I will try all your ideas and post back soon...

Sorry CB, didn't answer your question, but the admin spoke to my boss and my boss is a security freak. By deduction, that should answer your quezzie!!!

PHP Code:

<?php

//////////////////////////////////////////////////////////////////////////////////////////////
//This downlaods a file from the protected folder out of the virtual root        //////
//////////////////////////////////////////////////////////////////////////////////////////////


function DownloadFile($filename) 
{ 
    // Check filename 
    if (empty($filename) || !file_exists($filename)) 
    { 
        return FALSE; 
    } 
    // Create download file name to be displayed to user 
    $saveasname = basename($filename); 
    // Send binary filetype HTTP header 
    header('Content-Type: application/octet-stream'); 
    // Send content-length HTTP header 
    header('Content-Length: '.filesize($filename)); 
    // Send content-disposition with save file name HTTP header 
    // (using workaround for MSIE 5.5 SP1 / MSIE 6.0 bugs/problems) 
    $browser = getGlobalVar('HTTP_USER_AGENT'); 
    if (preg_match('/MSIE 5.5/', $browser) 
     || preg_match('/MSIE 6.0/', $browser)) 
    { 
        header('Content-Disposition: filename="'.$saveasname.'"'); 
    } 
    else 
    { 
        header('Content-Disposition: attachment; filename="'.$saveasname.'"'); 
    } 
    // Send Content-Transfer-Encoding HTTP header 
    // (use binary to prevent files from being encoded/messed up during transfer) 
    header('Content-Transfer-Encoding: binary'); 
    // Output file 
    readfile($filename); 
    // Done 
    return TRUE; 
} 


function getGlobalVar($g, $formflag = 0) 
// Get global PHP variable value 
// Returns: global variable value or empty string if not available 
// Parameters: 
//  $g        : Global PHP variable name 
//  $formflag : Flag - global var from GET/POST input 
{ 
    if (empty($g)) 
    { 
        return 0; 
    } 
    // Try superglobal access (PHP 4.1.0+) 
    if ($formflag) 
    { 
        if (isset($_GET[$g])) 
        { 
            return $_GET[$g]; 
        } 
        if (isset($_POST[$g])) 
        { 
            return $_POST[$g]; 
        } 
        if (isset($_REQUEST[$g])) 
        { 
            return $_REQUEST[$g]; 
        } 
    } 
    else 
    { 
        if (isset($_SERVER[$g])) 
        { 
            return $_SERVER[$g]; 
        } 
        if (isset($_ENV[$g])) 
        { 
            return $_ENV[$g]; 
        } 
    } 
    // Try superglobal access (PHP 3.0.0+) 
    if (isset($GLOBALS[$g])) 
    { 
        return $GLOBALS[$g]; 
    } 
    // Try global variable access (PHP 3+) 
    global $$g; 
    if (!empty($$g)) 
    { 
        return $$g; 
    } 
    // Assume global variable empty/not set 
    return(''); 
} 


//$filedownload = $_REQUEST['file'];

?>

This code tries to download the binary exe file that i refrence on the server and tries to display it in the browser!!!

OK CB - your code works, now trying Johns...

One last prob.

I have a situation where thee user submits their details on a form prior to downloading the app. When they click the send button, the site sends an email to the user confirming their action, and also sends an email to me. Then the script navigates to an infomation page eg "thank you for downloading..."

I want this page to stay current when the download begins so that the user does not end up looking at a blank scren.

Do you know how this can be done???

you could use JavaScript to pop up a new window for the download, which should auto-close when the download started as long as you don't send anything besides headers to the browser

Thanks John - I am using your example now!!

The only thing left in that area is to make sure that the url is called from a single script.

Still have to think about the popup story....

Code:

<script language="javascript">
 setTimeout("window.open('downlaod.php?ID=whatever');",2000)

</script>

try something like that to open the download.