Download Media files
An easy-to-use force file download script, especially useful for sites that have large media files and would like to force people to download the files instead of having them run remotely off their web server. This is most commonly applied to MP3s, video clips, PDF files and more.
This script is used on the doll maker page to force download the doll gif/png file. (See the middle disk button below the doll)
Cache-Control: public
“Cache-Control: public” tells proxies that these files are cacheable. It allows proxies, gateways and the client browser to cache the files, which reduces bandwidth consumption on the server.
Content-Disposition: filename and attachment
Identifies the file as an attachment.
Force Download Usage
http://www.yoursite.com/force-download.php?file=filepath
It is VERY STRONGLY recommended that the above functionality is only used internally and is not viewable from the web site since this would represent a security breach of the site.
Security
If you expose this in a URL you are essentially posting a large sign titled “Hack me!” The script serves whatever path it is given in the file parameter, so any file the web server can read becomes downloadable.
What to do? Use literal values to represent the files you want to make available: a value of “1” would represent the file xyz.pdf, a value of “2” would represent the file abc.mp3, and so on. Thus the only DOWNLOADABLE files are those specifically HARD-CODED in your script.
File download script
Below is the force-download.php script, save it as a standalone script:
The force download script failed when the Apache server had output compression enabled. This has been fixed below: the script checks whether compression is enabled (zlib.output_compression) and, if so, turns it off. This error ONLY occurs on some IE browsers. It seems that when the HTML page (or other file type) arrives compressed, IE ignores the Content-Disposition header. Also, setting the cache-control to public allows the file to be found (another IE quirk). (fixed Feb 16 2005)
An error was fixed in the script, $file-extension should be $file_extension. (fixed Oct 11 2004)
An error was fixed in the script: if the filename had spaces in it, it would not work.
attachment; filename=".basename($filename).";" ); -> attachment; filename=\"".basename($filename)."\";" ); (fixed by Rajkumar Singh, Aug 18 2005)
<?php
// NOTE: the file parameter is used as a path exactly as received.
// See the Security section before exposing this script.
$filename = $_GET['file'];

// required for IE, otherwise Content-disposition is ignored
if (ini_get('zlib.output_compression'))
    ini_set('zlib.output_compression', 'Off');

// addition by Jorg Weske
$file_extension = strtolower(substr(strrchr($filename, "."), 1));

if ($filename == "")
{
    echo "<html><title>eLouai's Download Script</title><body>ERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath</body></html>";
    exit;
} elseif (!file_exists($filename))
{
    echo "<html><title>eLouai's Download Script</title><body>ERROR: File not found. USE force-download.php?file=filepath</body></html>";
    exit;
}

// pick the Content-Type from the file extension
switch ($file_extension)
{
    case "pdf": $ctype = "application/pdf"; break;
    case "exe": $ctype = "application/octet-stream"; break;
    case "zip": $ctype = "application/zip"; break;
    case "doc": $ctype = "application/msword"; break;
    case "xls": $ctype = "application/vnd.ms-excel"; break;
    case "ppt": $ctype = "application/vnd.ms-powerpoint"; break;
    case "gif": $ctype = "image/gif"; break;
    case "png": $ctype = "image/png"; break;
    case "jpeg":
    case "jpg": $ctype = "image/jpeg"; break;
    default: $ctype = "application/force-download";
}

header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false); // required for certain browsers
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($filename));
readfile("$filename");
exit();
?>
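The literal-value approach from the Security section, applied to the script above. This is an added example, not part of the original script; the IDs, file names, MIME types and the downloads directory are assumptions for illustration.

```php
<?php
// Added example: allowlist variant of force-download.php.
// The request value is only ever used as an array key, never as a path.

// Assumed location of the downloadable files, ideally outside the web root.
$download_dir = __DIR__ . '/downloads';

// The ONLY downloadable files: ID => array(file name on disk, Content-Type).
// These entries are illustrative placeholders.
$downloads = array(
    '1' => array('xyz.pdf', 'application/pdf'),
    '2' => array('abc.mp3', 'audio/mpeg'),
);

// Reject missing values and array input such as ?file[]=1
$id = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';

if (!isset($downloads[$id])) {
    http_response_code(404);
    exit('ERROR: unknown download.'); // do not echo the request value back
}

list($name, $ctype) = $downloads[$id];
$path = $download_dir . '/' . $name;

if (!is_file($path) || !is_readable($path)) {
    http_response_code(404);
    exit('ERROR: file not found.');
}

// required for IE, otherwise Content-Disposition is ignored
if (ini_get('zlib.output_compression')) {
    ini_set('zlib.output_compression', 'Off');
}

header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private', false);
header('Content-Type: ' . $ctype);
header('X-Content-Type-Options: nosniff'); // browser must not guess another type
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
```

Request it as force-download.php?file=1. Any value that is not a key of $downloads gets a 404, so adding a new download means editing the array, not passing a new path.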
well.. it’s like I thought!