flatFileHost script weird problem

george_newb

Hi,
I'm using flatFileHost script to allow uploading of files to my web server.
When I installed the script,everything was working fine,but today there is a problem.
When I upload a file,and after try to download it,I get this kind of screen instead of a download prompt.
It's weird because the download function was working yesterday.
Please help 😕

NogDog

Looks like the wrong content-type header is being sent by the server. It could be a bug in the script (look for lines like header("Content-type: <some mime type here");). Or some change to a .htaccess in the download file's directory or any of its parent directories could be forcing the wrong content type.

george_newb

Well,I've found this line in download2.php script "header('Content-type: application/octetstream');".Is there something wrong with that?

bradgrafelman

Yeah... I believe there should be a hyphen between "octet" and "stream". Try that and see if it asks you to download the file instead.

george_newb

I changed it to this: "header('Content-type: application/octet-stream');".But the result is the same!Not working...Any ideas?
Also,this is the content of the .htaccess files in the directory where all the files are stored,and the root directory .htaccess.

Storage dir htaccess file:

order allow,deny
deny from all

Root directory htaccess file:

<Files *.txt>
order allow,deny
deny from all
</Files>

bradgrafelman

Any chance we can see the entire download script? Or at least, the very first few lines of the file, the very last few lines, and the relevant code for the downloading of the file. Also, you might try adding this header:

header ("Content-Disposition: attachment; filename=\"$filename\"");

george_newb

The header you suggested was already there.
I deleted all htaccess files,but no solution.

Here's the whole download script:

<?php
//   __ _       _   _____ _ _      _    _           _   

//  / _| |     | | |  ___(_) |    | |  | |         | |  

// | |_| | __ _| |_| |__  _| | ___| |__| | ___  ___| |_ 
// |  _| |/ _` | __|  __|| | |/ _ \  __  |/ _ \/ __| __|
// | | | | (_| | |_| |   | | |  __/ |  | | (_) \__ \ |_ 
// |_| |_|\__,_|\__|_|   |_|_|\___|_|  |_|\___/|___/\__|
// by Jim (www.j-fx.ws)                   version 1.15.0
////////////////////////////////////////////////////////

include("./config.php");

$bans=file("./bans.txt");
foreach($bans as $line)
{
  if ($line==$_SERVER['REMOTE_ADDR']){
    echo "no acc.";
    include("./footer.php");
    die();
  }
}

if(!isset($_GET['a']) || !isset($_GET['b']))
{
  echo "<script>window.location = '".$scripturl."';</script>";
}

$validdownload = 0;

$checkfiles=file("./files.txt");
$foundfile=0;
foreach($checkfiles as $line)
{
  $thisline = explode('|', $line);
  if ($thisline[0]==$_GET['a'] && md5($thisline[2].$_SERVER['REMOTE_ADDR'])==$_GET['b'])
    $validdownload=$thisline;
}

if($validdownload==0) {
    echo "Wrong URL.";
    include("./footer.php");
    die();
}

$userip = $_SERVER['REMOTE_ADDR'];
$time = time();

$filesize = filesize("./storage/".$validdownload[0]);
$filesize = $filesize / 1048576;

if($filesize > $nolimitsize) {
$downloaders = fopen("./downloaders.txt","a+");
fputs($downloaders,"$userip|$time\n");
fclose($downloaders);
}

$validdownload[4] = time();

$fc=file("./files.txt");
$f=fopen("./files.txt","w");
foreach($fc as $line)
{
  $thisline = explode('|', $line);
  if ($thisline[0]!=$_GET['a'])
    fputs($f,$line);
  else
    fputs($f,$validdownload[0]."|". $validdownload[1]."|". $validdownload[2]."|". $validdownload[3]."|". $validdownload[4]."|".($validdownload[5]+1)."|".$validdownload[6]."|".$validdownload[7]."|".$validdownload[8]."|\n");
}
fclose($f);

header('Content-type: application/octet-stream');
header('Content-Length: ' . filesize("./storage/".$validdownload[0]));
header('Content-Disposition: attachment; filename="'.$validdownload[1].'"');
readfile("./storage/".$validdownload[0]);

bradgrafelman

Okay... is display_errors set to On? Is error_reporting set to E_ALL? If not, try using [man]ini_set/man at the top of your script to change these directives' values.

Do you see any errors? Also, can you post a link (or PM me a link if you don't feel comfortable showing it to the world right now) to this download script?

george_newb

I added this

ini_set(error_reporting,E_ALL)

to the beggining of the script,and now when I try to download a file i get a white screen,and nothing happens.

bradgrafelman

That's because your first parameter is a constant, when you want a string. Add quotes around error_reporting. E_ALL, however, is a constant, so you don't want quotes around it.

Weedpacket

if(!isset($_GET['a']) || !isset($_GET['b']))
{
  echo "<script>window.location = '".$scripturl."';</script>";
}

Ouch.

if(!isset($_GET['a']) || !isset($_GET['b']))
{
  header($scripturl);
  exit;
}

george_newb

Weedpacket do you suggest changing thas part of the script?I did it but nothing changes,again the same problem....

ClarkF1

I've used this script and released some mods for it and I've had no problem with it so far in it's original form.

I'm trying to replicate the problem but can't..........I'm thinking it might be server related.

Each file is stored not with it's own name but with a md5 hash of the name so items can't be executed. It might be to do with the way that the server handles files without a file extension.

george_newb

I've tried many things but its not working 🙁

ClarkF1

What browser are you using and what type of server is it on???

Have you got an live version I can try???

george_newb

I'm using firefox & IE.The script is running on a linux.
I don't have a live version anymore,because I decided to replace flatfilehost with miniFileHost,which is working just fine by the way.

thx for the help everyone 🙂