Jump to content
MakeWebGames

[PHP SNIPPET] Allow's you to download a file from your server.

Haunted Dawg

By Haunted Dawg
in Tutorials

 Share

Recommended Posts

Haunted Dawg Newbie

Haunted Dawg

Posted
Posted

Well i have modified this script a bit so here it is:

 

<?php
//if they do not put a get file error out
if(!$_GET['file'])
{
echo 'Enter a file.';
exit;
}


//For security we add a code
if($_GET['code'] != "BAH!")
{
echo 'Provide code.';
exit;
}


//Located file:
$local_file = $_GET['file'];


// filename that the user gets as default
$download_file = $_GET['file'];


// set the download rate limit => 20,5 kb/s
$download_rate = 20.5;


//now download the file
if(file_exists($local_file) && is_file($local_file))
{
// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream'); 
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: filename='.$download_file);
// flush content
flush();    
// open file stream
$file = fopen($local_file, "r");    
while(!feof($file))
{
	// send the current file part to the browser
	echo fread($file, round($download_rate * 1024));    
	// flush the content to the browser
	flush();
	// sleep zero second(s) giving a delay of 0 second(s) to download file.
	sleep(0);    
}    
// close file stream
fclose($file);
}
else 
{
//if the file does not exist tell them.
die('Error: The file '.$local_file.' does not exist!');
}
?>

 

Now the orifinal author is here:

http://www.jonasjohn.de/snippets/php/file-download.htm

This will help you to stop going into your cpanel to download a file, you could also update a upload function to it so u will never need to go into your cpanel to edit a file.

Spudinski Newbie

Spudinski

Posted
Posted

Re: 

 Allow's you to download a file from your server.

The human race destroys the world, the developer destroys the machine...

It's the same principle, *if* this script is found by an attacker, the attacker could have all the required password and configuration files in a matter of seconds, without any restrictions.

Unless [i]openbasedir[/i] is set, this script could potentially export the contents of any script on the machine and/or neighboring machines.

A deffo no-no on a site operating on DBS sources...

Haunted Dawg Newbie

Haunted Dawg

Posted
  • Author
Posted

Re: 

 Allow's you to download a file from your server.

Yeah umm spudinski, try chaning the password to a harder one? And it could be named any thing for example:

bkahbdsanbdnsbvdnsgdhsmdnsandgmashdnsagdmsdmashdmahsm213m12b3n12b3n21b3n21v3bn12v3n213.php

Now seriously no one is going to find a find like that then add a code to it:

script_made_from_kyle_at_ce_find_me_if_you_can_haha_bye.php?code=tresde_2323_,,,,,,_;;;;;_222

Please i would like you to find it.

Floydian Newbie

Floydian

Posted
Posted

Re: 

 Allow's you to download a file from your server.

Even better: add "die;" just after the line with "<?php" until you want to use the script, at which point you could remove the die long enough to do what you want lol.

hehe

Floydian Newbie

Floydian

Posted
Posted

Re: 

 Allow's you to download a file from your server.

My main point was to poke fun at the folks criticizing (correctly I think) the security of your script.

Any window opened up also opens up new security risks. So, I'm telling them to add die; if they're concerned but still want to use the script. ;)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...