I want to use the following code to allow users to download .iso, .deb, and .tar.gz files from my website on a shared server on my web host, but it fails miserably. Besides the initial warnings, it appears that the readfile command is literally opening and reading the file. It works perfectly on my local Apache server.
<?php
$php_scripts = '../../php/';
require $php_scripts . 'PDO_Connection_Select.php';
require $php_scripts . 'GetUserIpAddr.php';
function mydloader($l_filename= "")
{
$ip = GetUserIpAddr();
if (!$pdo = PDOConnect("foxclone_data"))
{
exit;
}
{
$file = $l_filename;
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file)); /*Read the size of the file*/
readfile($file);
exit;
}
}
/*Clear system output buffer*/
flush();
mydloader($_GET["f"]);
exit;
`
Here's a screenshot of what happens when run on the webhost:
![https://imgur.com/2SqiLu4]
NOTE: For security, the code will eventually be modified to pass a number to this script and do a lookup in the database to get a filename rather than passing the filename directly.