Jump to content
MakeWebGames

[PHP SNIPPET] Allow's you to download a file from your server.


Haunted Dawg
 Share

Recommended Posts

Well i have modified this script a bit so here it is:

 

<?php
//if they do not put a get file error out
if(!$_GET['file'])
{
echo 'Enter a file.';
exit;
}


//For security we add a code
if($_GET['code'] != "BAH!")
{
echo 'Provide code.';
exit;
}


//Located file:
$local_file = $_GET['file'];


// filename that the user gets as default
$download_file = $_GET['file'];


// set the download rate limit => 20,5 kb/s
$download_rate = 20.5;


//now download the file
if(file_exists($local_file) && is_file($local_file))
{
// send headers
header('Cache-control: private');
header('Content-Type: application/octet-stream'); 
header('Content-Length: '.filesize($local_file));
header('Content-Disposition: filename='.$download_file);
// flush content
flush();    
// open file stream
$file = fopen($local_file, "r");    
while(!feof($file))
{
	// send the current file part to the browser
	echo fread($file, round($download_rate * 1024));    
	// flush the content to the browser
	flush();
	// sleep zero second(s) giving a delay of 0 second(s) to download file.
	sleep(0);    
}    
// close file stream
fclose($file);
}
else 
{
//if the file does not exist tell them.
die('Error: The file '.$local_file.' does not exist!');
}
?>

 

Now the orifinal author is here:

http://www.jonasjohn.de/snippets/php/file-download.htm

This will help you to stop going into your cpanel to download a file, you could also update a upload function to it so u will never need to go into your cpanel to edit a file.

Link to comment
Share on other sites

Re:

 Allow's you to download a file from your server.

The human race destroys the world, the developer destroys the machine...

It's the same principle, *if* this script is found by an attacker, the attacker could have all the required password and configuration files in a matter of seconds, without any restrictions.

Unless [i]openbasedir[/i] is set, this script could potentially export the contents of any script on the machine and/or neighboring machines.

A deffo no-no on a site operating on DBS sources...

Link to comment
Share on other sites

Re:

 Allow's you to download a file from your server.

Yeah umm spudinski, try chaning the password to a harder one? And it could be named any thing for example:

bkahbdsanbdnsbvdnsgdhsmdnsandgmashdnsagdmsdmashdmahsm213m12b3n12b3n21b3n21v3bn12v3n213.php

Now seriously no one is going to find a find like that then add a code to it:

script_made_from_kyle_at_ce_find_me_if_you_can_haha_bye.php?code=tresde_2323_,,,,,,_;;;;;_222

Please i would like you to find it.

Link to comment
Share on other sites

Re:

 Allow's you to download a file from your server.

My main point was to poke fun at the folks criticizing (correctly I think) the security of your script.

Any window opened up also opens up new security risks. So, I'm telling them to add die; if they're concerned but still want to use the script. ;)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...