Hi,

Code below fails and I cannot solve it.

$folder="myfolder/files";
$file="1.doc";

header("Content-type: application/msword");
header("Content-Disposition: attachment; filename=".$folder."/".$file);
readfile($file);

The file link I get when popup opens is " myfolder_file_1.doc ". I don't know where does the underscore comes from.

Any idea?

Thanks

maybe it's an automatic replacement of spaces between your text.

you cant specify a foldername in the download filename
naming conventions convert the backslash to underscore, and the file will be placed in the current folder selected on the users disk

file not found error, the source is not specified fully to get the file from the specified folder, Try

<?php $folder="myfolder/files";
$file="1.doc";
header("Content-type: application/msword");
header("Content-Disposition: attachment; filename=$file"); // note difference
readfile($folder."/".$file); // note difference
?>

Yes it does download it now but the HTML content of my php webpage is displayed in the doc file instead of actual content of doc file.

<html>
<head>
<title>Asg</title>
</head>
<body>
<p>
Welcome Jolly
</p>

<h3>DOWNLOAD</h3>

ACTUAL CONTENT IS HERE

</body>
</html>

Is this normal?

This is the code I use but doesn't work well. File is downloaded but the content is full of rubish characters. I add the code for you to try and see what i mean.

index.php

<?php
$fileArray = array("me.doc", "you.doc");
$directory = "pool/files/";

foreach($fileArray as $key => $value){
    echo "<a href='index.php?dir=$directory&file=$value' title='Download'>$value</a><br />";
}


if(isset($_GET["dir"]) && isset($_GET["file"])){
	$directory = $_GET["dir"];
	$file = $_GET["file"];
	
	header("Cache-Control: public");
	header("Content-Description: File Transfer");
	header("Content-Disposition: attachment; filename=$file");
	header("Content-Type: application/msword");
	readfile($directory.$file);
	
}
?>

Please help.

Thanks in advance

SOLVED. Thanks for contributions guys.
What I noticed that there shouldn't be any HTML space between ob_start() and flush(). When you open <?php, you should put everything in without closing-opening-closing-opening (I mean one <?php, one ?>) it. Otherwise, strange chars are stored in file that is currently downladed.


SOLUTION:

index.php

<?php
$fileArray = array("me.doc", "you.doc");
$directory = "pool/files/";

foreach($fileArray as $key => $value){
    echo "<a href='download.php?dir=$directory&file=$value' title='Download'>$value</a><br />";
}
?>

download.php

<?php
if(isset($_GET["dir"]) && isset($_GET["file"])){
 
	$directory = $_GET["dir"];
	$file = $_GET["file"];
	
	function forceDownload($directory, $file){
		header("Content-Type: application/force-download");
		header("Content-Disposition: attachment; filename=\"$file\"");
		echo file_get_contents($directory.$file);
	}
	
	forceDownload($directory, $file);
 }
?>

the _get method keeps the variables in the url
so the foldername is passed in plain text, this way may lessen direct linking to the files
if all the files are in the same folder then the folder does not have to be passed to the download file
folder can be an index to an array
folder can be simple IF else if($_get['folder']='1') {$folder="/pool/files";} elseif($_get['folder']='2') {$folder="/other/files";} else {$folder='/blankfiles';} index.php

<?php
$fileArray = array("me.doc", "you.doc");
foreach($fileArray as $key => $value){
    echo "<a href='download.php?file=$value' title='Download'>$value</a><br />";
}
?>

download.php

<?php
$directory = "pool/files/";
if(isset($_GET["file"])){
 $file = $_GET["file"];
 function forceDownload($directory, $file){
 header("Content-Type: application/force-download");
 header("Content-Disposition: attachment; filename=\"$file\"");
 echo file_get_contents($directory.$file);
 }
forceDownload($directory, $file);
 }
?>

security(?) through obscurity ??

You are right about the direct linking. However, I'll do SHA1($folder) and SHA1($file) first and attach it to the URL. This will prevent users direct linking to the file and folder.
Thanks for your additional interest

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.