Escolar Documentos
Profissional Documentos
Cultura Documentos
Resume option
August 3, 2012/by Armand Niculescu
A while ago I wrote an article about the common pitfalls of handling file downloads in
PHP. One thing I did not realize at that time is that in most cases developers dont have
the time to write such a script and theyll use whatever they can find, even if it has
flaws.
Because of this, I decided to write a download script and release it free for everyone
with a BSD License. Its not a class, just a script that accepts a file parameter via GET
or POST and outputs the file. For security purposes any paths are stripped and replaced
with a path in the script (the folder containing the downloadable file(s) should be
protected against direct access).
The script sets the correct MIME type for ZIP files, all other files are sent as octet
stream. You may customize that part depending on the type of docs you host.
The download script also accepts range download but not multiple ranges; for the vast
majority of cases this is enough.
The script is in active use and has handled tens of thousands of downloads from a vast
variety of browsers. I tested it only on Apache 2 / PHP 5. Some hosts have really weird
setups and limitations but hopefully you wont get any issues.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
// hide notices
@ini_set('error_reporting', E_ALL & ~ E_NOTICE);
//- turn off compression on the server
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
@apache_setenv('no-gzip', 1);
@ini_set('zlib.output_compression', 'Off');
if(!isset($_REQUEST['file']) || empty($_REQUEST['file']))
{
header("HTTP/1.0 400 Bad Request");
exit;
}
// sanitize the file request, keep just the name and extension
// also, replaces the file location with a preset one ('./myfiles/' in this example)
$file_path = $_REQUEST['file'];
$path_parts = pathinfo($file_path);
$file_name = $path_parts['basename'];
$file_ext
= $path_parts['extension'];
$file_path = './myfiles/' . $file_name;
// allow a file to be streamed instead of sent as an attachment
$is_attachment = isset($_REQUEST['stream']) ? false : true;
// make sure the file exists
if (is_file($file_path))
{
$file_size = filesize($file_path);
$file = @fopen($file_path,"rb");
if ($file)
{
// set the headers, prevent caching
header("Pragma: public");
header("Expires: -1");
header("Cache-Control: public, must-revalidate, post-check=0, pre-check=0");
header("Content-Disposition: attachment; filename=\"$file_name\"");
// set appropriate headers for attachment or streamed file
if ($is_attachment)
header("Content-Disposition: attachment; filename=\"$file_name\"");
else
header('Content-Disposition: inline;');
// set the mime type based on extension, add yours if needed.
$ctype_default = "application/octet-stream";
$content_types = array(
"exe" =--> "application/octet-stream",
"zip" => "application/zip",
"mp3" => "audio/mpeg",
"mpg" => "video/mpeg",
"avi" => "video/x-msvideo",
);
$ctype = isset($content_types[$file_ext]) ? $content_types[$file_ext] : $ctype_default;
header("Content-Type: " . $ctype);
//check if http_range is sent by browser (or download manager)
if(isset($_SERVER['HTTP_RANGE']))
{
list($size_unit, $range_orig) = explode('=', $_SERVER['HTTP_RANGE'], 2);
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
}
else
{
}
if ($size_unit == 'bytes')
{
//multiple ranges could be specified at the same time, but for simpl
//http://tools.ietf.org/id/draft-ietf-http-range-retrieval-00.txt
list($range, $extra_ranges) = explode(',', $range_orig, 2);
}
else
{
$range = '';
header('HTTP/1.1 416 Requested Range Not Satisfiable');
exit;
}
$range = '';
//set start and end based on range (if set), else set defaults
//also check for invalid ranges.
$seek_end
= (empty($seek_end)) ? ($file_size - 1) : min(abs(intval($seek_end)
$seek_start = (empty($seek_start) || $seek_end < abs(intval($seek_start))) ? 0 :
//Only send partial content header if downloading a piece of the file (IE workaround)
if ($seek_start > 0 || $seek_end < ($file_size - 1))
{
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes '.$seek_start.'-'.$seek_end.'/'.$file_size);
header('Content-Length: '.($seek_end - $seek_start + 1));
}
else
header("Content-Length: $file_size");
header('Accept-Ranges: bytes');
set_time_limit(0);
fseek($file, $seek_start);
while(!feof($file))
{
print(@fread($file, 1024*8));
ob_flush();
flush();
if (connection_status()!=0)
{
@fclose($file);
exit;
}
}
// file save was a success
@fclose($file);
exit;
}
else
{
133 }
134 else
135 {
136
137
138
139 }
140 ?>
You can also download it: Download PHP File Download Script