[RESOLVED] PDF File Download Issue

atlantisusa

My website has recently been transitioned to a new server with an upgraded control panel. Since the transition, I had to update the paths to my folders above the public_html. Since changing the paths the issues have started. I'll paste my code below but the general gist is this. I have a page that users login into and it displays their files (pdfs kept in a folder above public_html). They click on the link to the file and it opens/downloads. Simple. It's been working great for a long time until the move.

Here is the code to display files on the display page.

 

<?php 

$path = "/home/users/web/b1883/d5.prodtest/prodtest/$accountid/general/";


if (count($files) == 0): ?>
	<p>There are currently no files in this directory.</p>
<?php else: ?>
	<table>
		<tr>
			<th>File Name</th>
			<th>Size</th>
			<td colspan="2">&nbsp;</td>
		</tr>

	<?php foreach($files as $file): ?>
		<tr>
			<td><?php echo htmlentities($file['name']); ?></td>
			<td>
				<?php
					// Format size:
					if ($file['size'] > 1000) {
						echo number_format(($file['size']/1024), 2) . ' KB';
					} elseif ($file['size'] > 1000*1000) {
						echo number_format(($file['size']/1024)/1024, 2) . ' MB';
					} else {
						echo $file['size'] . ' Bytes';
					}
				?>
			</td>
			<td><a href="gdownload.php?file=<?php echo urlencode($file['name']); ?>"><strong>View/Print/Save</strong></a></td>
			<td><a href="gdelete.php?file=<?php echo urlencode($file['name']); ?>">Delete</a></td>
		</tr>
	<?php endforeach; ?>
</table><br />

<?php endif; ?>

This works fine and the files are displayed.

Here is the code to download the file:

<?php

$path = "/home/users/web/b1883/d5.prodtest/prodtest/$accountid/general/";

// Get file
if (!isset($_GET['file'])) { die('Invalid File'); }
$file = $_GET['file'];

// Create file path
$filepath = $path . $file;

// Now check if there isn't any funny business going on
if ($filepath != realpath($filepath)) {
	die('Security error! Please go back and try again.');
}

// Get file extension
$ext = explode('.', $file);
$extension = $ext[count($ext)-1];

// Try and find appropriate type
switch(strtolower($extension)) {
	case 'txt': $type = 'text/plain'; break;
	case "pdf": $type = 'application/pdf'; break;
	case "exe": $type = 'application/octet-stream'; break;
	case "zip": $type = 'application/zip'; break;
	case "doc": $type = 'application/msword'; break;
	case "xls": $type = 'application/vnd.ms-excel'; break;
	case "ppt": $type = 'application/vnd.ms-powerpoint'; break;
	case "gif": $type = 'image/gif'; break;
	case "png": $type = 'image/png'; break;
	case "jpg": $type = 'image/jpg'; break;
	case "jpeg": $type = 'image/jpg'; break;
	case "html": $type = 'text/html'; break;
	default: $type = 'application/force-download';
}

// General download headers:
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers 
header("Content-Transfer-Encoding: binary");

// Filetype header
header("Content-Type: " . $type);

// Filesize header
header("Content-Length: " . filesize($filepath));

// Filename header
header("Content-Disposition: attachment; filename=\"" . $file . "\";" );

// Send file data
readfile($filepath);

?>

Now, the error I get is the one above - "Security error! Please go back and try again." Which means something is going on with the path. I changed the permissions on the folders incase that was 'altered' during the move (it's a shared host).

I guess I need fresh eyes on it - any suggestions welcomed as to what it could be. The host hasn't been very helpful.

Thanks.

NogDog

Where/how is $accountid set?

atlantisusa

It's set like this:

<?php
session_start();
$username = $_SESSION['valid_user'];
$accountid = $_SESSION['accountID'];
$lastlogin = $_SESSION['lastlogin'];
$date = $_SESSION['date'];

$loginFailed = "../loginerror.php";
if (isset($_SESSION['valid_user']));
else {
    header("Location: ". $loginFailed );
  }
?>

I hard coded the actual value and it didn't work.

NogDog

I guess the next step would be to output the two values that are compared to see what is different about them.

<?php

$path = "/home/users/web/b1883/d5.prodtest/prodtest/$accountid/general/";

// Get file
if (!isset($_GET['file'])) { die('Invalid File'); }
$file = $_GET['file'];

// Create file path
$filepath = $path . $file;

// Now check if there isn't any funny business going on
if ($filepath != realpath($filepath)) {
    printf("DEBUG:<br />\n\$filepath: %s<br />\nrealpath: %s<br />\nfile_exists: %s",
           $filepath, realpath($filepath),
           (file_exists($filepath)) ? 'true' : 'false');
    die('Security error! Please go back and try again.');
}

atlantisusa

Thank you for your help. Your step was very logical and most importantly it displayed a different path - the correct path!

The actual path is:

/hermes/bosweb/web188/b1883/d5.prodtest/prodtest/$accountid/general/

I've never come across this before - how can the original path I used display the folder contents but not be the 'real' path? Is it relative or links to the real path?

Thanks again for your help in resolving this problem.

NogDog

I would guess that "/home/users/web/" is a symbolic link to "/hermes/bosweb/web188", thus the difference since realpath() expands all symbolic links.

atlantisusa

Thanks again for the headache relief.