Home Tutorials Forums Articles Blogs Movies Library Employment Press

Go Back   ActionScript.org Forums > Supporting Technologies > Server-Side Scripting

Reply
 
Thread Tools Rate Thread Display Modes
Old 02-23-2005, 09:37 PM   #1
krs1ars
Registered User
 
Join Date: Feb 2005
Posts: 5
Default real quick php forced download question

Hey all, just a quick question for something with my site. I'm looking to have a download prompt pop up for mp3 files on a button release. I am under the impression that php is the only way to do this, but since I'm terrible with php, I'm stuck.

Here's the flash button script.
ActionScript Code:
on (release) { lvOut = new LoadVars(); lvOut.file = "/" + _root.path + ".mp3"; lvOut.sendAndLoad("/dl.php", lvOut, "GET"); }
Where _root.path is something like "Artist - Title" in plane text, but it is the same as the file name.


And here's the php.
PHP Code:
header("HTTP/1.0 204 No Content");
$basedir "http://www.mysite.com/workingfolder/";
header("Content-Type: octet/stream");
header("Content-Disposition: attachment; filename=\"".$_GET['file']."\"");
$fp fopen($basedir.$_GET['file'], "r");
$data fread($fpfilesize($basedir.$_GET['file']));
fclose($fp);
print 
$data
Any help would be greatly appreciated.

Kevin
krs1ars is offline   Reply With Quote
Old 02-23-2005, 10:51 PM   #2
krs1ars
Registered User
 
Join Date: Feb 2005
Posts: 5
Question Forced Download in Flash

Hey,

I'm trying to put a button in my swf that gives the user the standard download prompt, especially for files that would normally be opened in the browser (.mp3 files) etc.

I'm pretty clueless about how to do this even in general, in html.

I'd imagine it'd take some sort of php or javascript wizardry that I know notihng about. Again, any help appreciated.

Kevin
krs1ars is offline   Reply With Quote
Old 02-25-2005, 04:50 AM   #3
Dark_Element
Lolen
 
Dark_Element's Avatar
 
Join Date: Aug 2004
Location: Australia->Gold Coast
Posts: 413
Default

Quote:
crispiness at fastmail dot fm
12-Jan-2005 02:09
If the below post didn't make this clear... be VERY VERY CAREFUL with download scripts! I had a vulnerability for years in my download counting script; namely, the user could download ANY file on the server. Including the PHP files that contained my database password!

The same potential vulnerability applies to any script that displays or downloads files from your server. Caveat scriptor (let the programmer beware; and no, that's not proper Latin)!
aarondunlap.com
29-Dec-2004 08:17
I just made a function to allow a file to force-download (for a script to disallow file links from untrusted sites -- preventing mp3/video leeching on forums), and I realized that a script like that could potentially be very dangerous.

Someone could possibly exploit the script to download sensitive files from your server, like your index.php or passwords.txt -- so I made this switch statement to both allow for many file types for a download script, and to prevent certain types from being accessed.

<?php

function dl_file($file){

//First, see if the file exists
if (!is_file($file)) { die("<b>404 File not found!</b>"); }

//Gather relevent info about file
$len = filesize($file);
$filename = basename($file);
$file_extension = strtolower(substr(strrchr($filename,"."),1));

//This will set the Content-Type to the appropriate setting for the file
switch( $file_extension ) {
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
case "mp3": $ctype="audio/mpeg"; break;
case "wav": $ctype="audio/x-wav"; break;
case "mpeg":
case "mpg":
case "mpe": $ctype="video/mpeg"; break;
case "mov": $ctype="video/quicktime"; break;
case "avi": $ctype="video/x-msvideo"; break;

//The following are for extensions that shouldn't be downloaded (sensitive stuff, like php files)
case "php":
case "htm":
case "html":
case "txt": die("<b>Cannot be used for ". $file_extension ." files!</b>"); break;

default: $ctype="application/force-download";
}

//Begin writing headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");

//Use the switch-generated Content-Type
header("Content-Type: $ctype");

//Force the download
$header="Content-Disposition: attachment; filename=".$filename.";";
header($header );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$len);
@readfile($file);
exit;
}

?>

This works in both IE and Firefox.
That code is from PHP.net http://www.php.net/header

should work lol
Dark_Element is offline   Reply With Quote
Old 02-25-2005, 10:01 PM   #4
krs1ars
Registered User
 
Join Date: Feb 2005
Posts: 5
Default

Many thanks. One problem though. I guess there's some issue with how php adresses a file and sends it throug the header.
Here's what happens.

Say for a file artist - title.mp3
the script will download the entire file, but it will be labeled "artist" without the rest of the file name or the entension. I figure I can probably fix this just by using underscores, but is there any way I can keep the spaces?
krs1ars is offline   Reply With Quote
Old 02-25-2005, 10:19 PM   #5
CyanBlue
Super Moderator
 
CyanBlue's Avatar
 
Join Date: Jan 2002
Location: Centreville, VA
Posts: 26,666
Default

Maybe you should really avoid using the file name with the space because that might just give you more trouble with some hosts and whatnots... It's easier to add the underscore to rid the headaches... Just a thought...
__________________
CyanBlue / Jason Je / Macromedia Certified Flash Developer & Designer
http://CyanBlue.FlashVacuum.com
http://www.FlashVacuum.com
http://tutorials.FlashVacuum.com

Do NOT PM, Email or Call me... Your question belongs right in this forum...
CyanBlue is offline   Reply With Quote
Old 02-25-2005, 11:03 PM   #6
Dark_Element
Lolen
 
Dark_Element's Avatar
 
Join Date: Aug 2004
Location: Australia->Gold Coast
Posts: 413
Default

try %20 ? donno if it will work lol... though in URL its fine
Dark_Element is offline   Reply With Quote
Reply


Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:11 PM.

///
Follow actionscriptorg on Twitter

 


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Ad Management plugin by RedTyger
Copyright 2000-2013 ActionScript.org. All Rights Reserved.
Your use of this site is subject to our Privacy Policy and Terms of Use.