Download Links

mdub2112

OK here's my story...
My site allows users to upload files to above the Doc Root

Doc Root is /var/www/html
Upload Dir is /var/www/uploads

Everything is working fine with the exception of getting the files to download via a link.

The database is holding path, file, mime_type, & size

When the user uploads the file, the dbase gets filled in correctly and the file gets uploaded correctly.

Working Upload Script Code

  $title = $_REQUEST['title'];
  $client = $_REQUEST['client'];
  $time = time();
  $upload_dir = '/var/www/uploads/';
  $file_name = ($_FILES['userfile']['name']);
  $filesize = $_FILES['userfile']['size'];
  $filetype = $_FILES['userfile']['type'];

  $query = "insert into depot 
                (title, client, path, file, mime_type, size, user, created)
              values 
                ('$title', '$client', '$upload_dir', '$file_name', '$filetype', '$filesize', '".
               $_SESSION['auth_user']."', $time)";

  $result = $handle->query($query);

  if (!$result) 
  {
    echo "There was a database error when executing <pre>$query</pre>";
    echo mysqli_error();
    exit;
  }

  if ( (isset($_FILES['userfile']['name']) && 
        is_uploaded_file($_FILES['userfile']['tmp_name']))) 
  {
 $filename = $upload_dir.$file_name;
 move_uploaded_file($_FILES['userfile']['tmp_name'], $filename);
  }
  header('Location: '.$_REQUEST['destination']);

My link to get users to the download script is simply
echo "<a href='download.php?id={$depot['id']}'>
{$depot['title']}<br />
</a>";

Download Script is where I'm having the problems...

<?php
  include_once('db_depot.php');
$id = $_GET['id'];

$query = "select file, type, size, path from depot where id = '$id'";
$result = $handle->query($query)
  if (!$result) 
  {
    echo "There was a database error when executing <pre>$query</pre>";
    echo mysqli_error();
    exit;
  }

$filename = '$file'; 
$filetype = '$mime_type';
$filepath = $path . $filename; 
if (!file_exists($filepath)) {
  die('SORRY!, <b>' . $filepath . '</b> could not be found.');
} else {
  header('Content-type: ' . $filetype);
  header('Content-Disposition: attachment; filename="' . $filename . '"');
  readfile($filepath);
} 
}
?>

And I just can't figure it out.
Hoping another eye might catch I'm missing, or somethin' I'm just plain wrong with.

Stasonis

Can you be a little more specific with the problem? Is it returning nothing/showing an error? Also, when setting $filename and $filetype? On top of that using single quotes around a variable name like that will not result in the variables contents being put into a string, but come across as the literal '$file'.

mdub2112

It is simply opening the browser to http://MYURL/uploads/download.php?id=1
and the entire page is blank, no prompting for download or anything.

bradgrafelman

Is display_errors set to On and error_reporting set to E_ALL ?

mdub2112

I've changed download.php to

<?php
if(isset($_GET['id']))
{
include ('depot_fns.php');

$id = $_GET['id'];
$query = "select * from depot where {$depot['id']} ='$id'";
$result = mysql_query($query) or die('Error, query failed');
list($file, $type, $size, $filePath) = mysql_fetch_array($result);

header("Content-Disposition: attachment; filename=$file");
header("Content-length: $size");
header("Content-type: $type");

readfile($filePath);

include ('logout.php');
exit;
}
?>

Now, I get the browser URL to still show as http://MYURL/uploads/download.php?id=1 Which is good
In the browser window I see the "die" message coded ('Error, query failed').
Which of course means.... 😕 that I still cannot get the link to download the file 😕

Weedpacket

Why not ask the database what the error was? [man]mysql_error[/man]. Echo $query, too, to see what you actually asked it.

And I just think I should point out, "select file,type,size,filePath" or whatever the fields are called will be a lot more robust (and probably faster) than the one-size-fits-nobody "select *".

mdub2112

I just through the catchall * to make sure I wasn't missing anything.

Code

$handle = db_connect();
$id = $_GET['id'];
$query = "select id, path, file, type, size from depot where id = $id";
$result = $handle->query($query);
  if (!$result) 
  {
    echo "There was a database error when executing <pre>$query</pre>";
    echo mysqli_error();
    exit;
  }
  if ($id = $result->fetch_assoc()) 
	{
	//echo "Well Hello There";
	header("Content-type: $type");
	header("Content-length: $size");
	header('Content-Disposition: attachment; filename="' . $file . '"');
	}
exit;

Upon clicking the download link, now it prompts to download a file
Type HTML being the download.php file that is actually my script.
The file that should get downloaded is (in this case) a GIF file.

If I comment out all of the header lines and echo a plain message all shows up fine.

HeEeLlLpPPP

bradgrafelman

mdub2112 wrote:
I just through the catchall * to make sure I wasn't missing anything.

Well, this also happens to be the best way to waste the database's resources (CPU/memory/hard drive seek time), as well as a generally unaccepted coding practice (unless you're truly intending to SELECT all fields.. in which case you should still simply list the column names for scalability reasons).

Also, where is $file being set? Or $type? Or $size ?

mdub2112

Makes sense then bradgrafelman...call just what I need.

	$file = $file['file'];
	$type = $file['type'];
	$size = $file['size'];
	$path = $file['path'];
	$filepath = $path . $file;

header('Content-type: ' . $type);
header('Content-Disposition: attachment; filename="' . $file . '"');
readfile($filepath);
}
exit;

OK, seems like the above is working to get the link to work.
However, when I download the file, using (for the images) the MS Image viewer it comes up as "No preview". Files like Word or Excel just open up as all garbled. It seems like it's just creating a file on the fly using the names provided in the database and not simply sending the files in the folder.

The DOCROOT is /var/www/html
The uploads folder is just above that /var/www/uploads to which is of course where I want to pull the files from for download.