Hello, within a part of my website I am having a download section, I am using the following code to download my files


<?php
$loc = $_GET['loc'];
$pid = $_GET['pid'];
$name = $_GET['name'];
$file_contents = file_get_contents($loc);

/* NOW write out the requested file.*/
header("Content-type: audio/x-mpeg"); /* or whatever type */
header("Content-Disposition: attachment; filename=" . $loc);
header("Content-Length: " . $filesize);
header("Content-Transfer-Encoding: binary\n\n");
header("Pragma: no-cache");
header("Expires: 0");

print($file_contents);

?>




This works if the files that I want to download are in the same file, but if i want the files to be outside the same file placing the correct file path I get this error;


Warning: file_get_contents(e:/songs/bonjovi/bonjovi/burningforlove.mp3): failed to open stream: No such file or directory in E:\bondjovi\bondjovi\pages\dodownload.php


(There is a file path and name are correct)

Is there any one that could help as I don't want to palce all the files within one file

Some operating systems use case sensitive drive/directory/filenames, try using the correct case in the path.

If that doesnt work you can always resort to using a relitive path:
$loc = "../../../songs/bonjovi/bonjovi/burningforlove.mp3";

Hi, isn't that strange code for downloading? why should you read the file content?! why not just redirecting to the file?

header("Location: $loc/");

Also, do not forget to filter the $_GET params - you would not like someone to download sensitive data!

Hi, isn't that strange code for downloading? why should you read the file content?! why not just redirecting to the file?

header("Location: $loc/");


This is because most browsers are set to stream the data from the server, rather than actually download it. By using the code that coops has, the file is forced to be downloaded rather than streamed.

This should do it:


<?php

//Can be anything, as long as its relative to your path
$file_link = $_GET['loc'];

//This is needed for some browsers
if(ini_get('zlib.output_compression')){
@ini_set('zlib.output_compression', 'Off');
}
@header("Pragma: public"); // required
@header("Expires: 0");
@header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
@header("Cache-Control: private",false); // required for certain browsers
@header("Content-Type: application/audio/x-mpeg");
@header("Content-Disposition: attachment; filename=".basename($file_link).";" );
@header("Content-Transfer-Encoding: binary");
@header("Content-Length: ".filesize($file_link));
@readfile("$file_link");
exit();


/*This always works for my case (even when its outside the folder), but as the others say, you should validate such data, maybe with something like:

if you know the link type before hand:

e.g.: ../../file_hold/***.mpg

you can do something like:

$temp = explode("//",$link):
if(count($temp) > 3) die()

or maybe
$extension_allowed = array('mpg','gif','jpg');
temp = explode(".",$link);
if(!eregi($extension_allowed,$temp[count($temp)-1])) die();
*/
?>



Peace,

It seems that the point of this script is primarily to mask the actual location of the file. If this is true, you should be surpressing PHP errors with the optional @ symbol. Like this:


$file_contents = @file_get_contents($loc);

if( !$file_contents )
{
echo "Error reading file";
}
else
{

// Download file code

}