  1. #1
    Newbie
    Join Date
    January 18th, 2005
    Posts
    24
    Hi there,

    I would like to offer some pdf documents to my visitors, but I want the browser to force a download instead of showing the pdf document before. Unfortunately I cannot find a solution.

    This is my php4 script:

    $pdfname="test.pdf";
    header ("Content-Type: application/force-download");
    //
    // header ("Content-Type: application/pdf"); also doesn't work
    //
    header("Content-Transfer-Encoding: Binary");
    header ("Content-Disposition: attachment; filename=$pdfname");
    readfile($pdfname);

    Download dialog starts (IE5.5), but I can't open downloaded file test.pdf. The file is corrupted.

    I tried a lot but nothing seems to work. Is this an IE bug or what is my mistake?

    Thank you for your help

    Best regards

    Helmut

  2. #2
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    Helmut,

    Might be too easy of an answer, but why not zip the pdfs and make the download point to the respective zip files?

    Haiko


    The secret of success is constancy of purpose. ~ Disraeli

  3. #3
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    yup - zip it..

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org

  4. #4
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    I always wondered about this question too. Some of our users really won't know what to do with a zip file. If you find a php script that forces the download of a PDF file, please share it here.

    At the moment, I am telling the users to Right Click and Save Target As. This might work for you as well.

    Thanks!

    Ian Lee, M.Sc.

    Internet Marketing Strategist / Affiliate Manager
    EYI, Inc.
    ilee_NO_SPAM@eyi.us
    http://www.eyiproducts.com/affiliate.html
    604-596-9766

    Personal Sites: ADS-Links.com | HealthCastle.com

  5. #5
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    Self-extracting zip that is set to run the pdf when opened...

    Then all they need to do is click on it.

    However, if they are running XP all they need to do is click on the zip anyway - XP treats it as a folder.

    Something else to try --
    If you have .htaccess files turned on, you can insert a line in the folder with the PDFs:
    <pre class="ip-ubbcode-code-pre">
    AddType application/x-ms-download .pdf
    </pre>

    Dunno if it'd work correctly, the browser compares the extension with the listed helper plugins anyway..

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org

  6. #6
    Newbie Affiliate Ian's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,540
    FFoc, ahhh, forgot about self-extracting zip option. Thanks! And good to see you posting here again.

    Ian Lee, M.Sc.

    Internet Marketing Strategist / Affiliate Manager
    EYI, Inc.
    ilee_NO_SPAM@eyi.us
    http://www.eyiproducts.com/affiliate.html
    604-596-9766

    Personal Sites: ADS-Links.com | HealthCastle.com

  7. #7
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    I had moved, and was sans internet for a month +

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org

  8. #8
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    ok, here I found a script:

    <pre class="ip-ubbcode-code-pre">
    <?php
    $name = "file.zip";
    $dbn = "location/to_file/".$name."";
    // Read the whole file into memory in binary mode
    $fp = fopen($dbn, "rb");
    $sdata = fread($fp, filesize($dbn));
    fclose($fp);
    // IE 5.5 gets the Content-Disposition header without the "attachment;" token
    if (strstr($_SERVER["HTTP_USER_AGENT"],"MSIE 5.5")) {
        $att = "";
    } else {
        $att = " attachment;";
    }

    header('Cache-control: max-age=31536000');
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
    header('Content-Length: '.filesize($dbn).'');
    header('Content-Type: application/download; name="'.$name.'"');
    header('Content-Disposition:'.$att.' filename="'.$name.'"');
    header('Content-Transfer-Encoding: binary');
    echo $sdata;
    ?>
    </pre>

    Don't blame me if it don't work, I haven't tested it

    Someone else said to set the content-type field to "application/octet-stream"...

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org

  9. #9
    ABW Ambassador cditty's Avatar
    Join Date
    January 18th, 2005
    Location
    Memphis TN
    Posts
    1,434
    I use application/octet-stream for when I do things like this. Works like a charm for me.

    Chris

    ----------------------------
    ezDatafeed.com - Merchants - Give your affiliates your datafeed outside the networks, without cost to the affiliate. Check out ezDatafeed.com for more information.
    Scriptsforyoursite.com - Featuring datafeed import scripts for Backcountry Store, Coldwater Creek, Mondera.com and many more.....

  10. #10
    Newbie
    Join Date
    January 18th, 2005
    Posts
    4
    Here's an easy way to do it, use this all the time....

    <?php
    // $file holds the name passed in the query string (?file=...)
    $file_filename = $file;
    $file_path = "/your/path/here";
    $file_ext = substr($file_filename, -4);
    if($file_ext == ".txt") { $content_type = "text/plain"; }
    else { $content_type = "application/octet-stream"; }
    $full_file_path = $file_path."/".$file_filename;
    header("Content-Type: $content_type");
    header("Content-Disposition: attachment; filename=$file_filename");
    header("Content-Length: ".filesize($full_file_path));
    readfile($full_file_path);
    exit();

    ?>

    Assuming you keep all your downloads in the same directory, change $file_path to point there and put this code in dl.php (or whatever you want). Then you can call this file and add the file name to the query string - i.e. :

    http://mydomain.com/dl.php?file=file.pdf

    Hope this helps

  11. #11
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    Yuck! Bad security hole!

    http://mydomain.com/dl.php?file=dl.php

    or

    http://mydomain.com/dl.php?file=config.inc

    or

    http://mydomain.com/dl.php?file=../../../../etc/passwd

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org

  12. #12
    Newbie
    Join Date
    January 18th, 2005
    Posts
    4
    ummm that is why the file path is set in the script. The only place it will go is to your dl directory, and the url gives zero indication of where that folder may be. Don't see what the security issue is unless you keep secure data in a directory that should be for downloads only, and even then they would have to guess the name.

    Or if you're still concerned, just force the file name right in the script and do a call to the script without the file name query added. It's just that with the way it's set you don't need to change it when adding or changing file names.

  13. #13
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    Try it..

    If you allow the passing of a filename via a GET variable, you need to do some checks, like:
    if (substr($file, 0, 3) == "../") { die("invalid filename"); }

    if $file=../foo then die, because we don't want people to back out of the dir we gave them.

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org

  14. #14
    Newbie
    Join Date
    January 18th, 2005
    Posts
    4
    Don't see how that would work and did test it just now on a production site. If I have $file_path in the script set to:

    /var/www/virtual/usersite/dl

    And my link is something like:

    http://mydomain.com/dl.php?file=blah.pdf

    The script is going to attempt the download:

    /var/www/virtual/usersite/dl/blah.pdf

    But if we have a bad little user that wants to do some damage and they do what you're suggesting by changing the url to something like:

    http://mydomain.com/dl.php?file=../../../etc/passwd

    Then they are now attempting to download a file from:

    /var/www/virtual/usersite/dl/../../../etc/passwd

    That's not a legitimate path and will not work. This is assuming of course that register_globals is turned off so that they cannot modify other variables through a GET.

    Since I only use this little script in employee password protected pages for my employer I hadn't really thought about security issues since we'd have more worries than what you're suggesting if people were getting in there in the first place. Thanks for the input and please let me know if you see a hole in that logic.

  15. #15
    ABW Ambassador FFoc's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,015
    Add two more instances of "../" and it will become legitimate.

    Every time you have a ../ you go up one level on the directory tree.

    --
    "The greatest good you can do for another is not just to share your riches, but to reveal to him his own." – Benjamin Disraeli
    --
    Ford Fox-body Owners Club -- http://www.ford-fox.org
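
The path check debated in posts #11 to #15, as an added example that is not code from any poster in this thread: the requested name is resolved with realpath() and served only if the result is a regular file inside the download directory. The function names, the pdf/zip allowlist and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example: resolve the requested name, then confirm it is still inside
// the download directory. All names below are hypothetical.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" wherever it appears and follows symlinks.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment: the resolved path must begin with "<base>/".
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Serve only the file types this directory is meant to offer.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['pdf', 'zip'], true) ? $real : null;
}

function send_download(string $path): void
{
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed demo tree: one public file in dl/, one file that must stay private.
$root = sys_get_temp_dir() . '/dl_demo_' . uniqid();
mkdir("$root/site/dl/docs", 0700, true);
file_put_contents("$root/site/dl/blah.pdf", "%PDF-1.4 sample");
file_put_contents("$root/site/config.inc", "secret");

$names = ['blah.pdf', '../config.inc', 'docs/../../config.inc',
          '../../../etc/passwd', 'dl.php'];
foreach ($names as $name) {
    $path = resolve_download("$root/site/dl", $name);
    printf("%-24s => %s\n", $name, $path === null ? 'rejected' : 'served ' . basename($path));
}
```

In a real dl.php the handler would call send_download() only when resolve_download() returns a path, and answer with a 404 otherwise.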

  16. #16
    Full Member
    Join Date
    January 18th, 2005
    Posts
    88
    I was experiencing the same problem.
    After a few security checks, I moved the file paths in a MySQL table, so that users won't get access to the files directly. One more benefit was that I can set access levels so that not everyone can download it. Public download is also available.

    Please remember that my folder was out of the webroot. I extracted the content and did an octet stream.

    It worked like a charm.

    Yep. Zip files only.

    PDF would open in Acrobat Reader. But it can be saved.
