Sign in to follow this  
sathenzar

PHP - local side saving....

Recommended Posts

Hey everyone, when someone goes to their account (myAccount.php) in my program, I want it to copy files they pick from my server to their HD. I have everything covered except for some reason in my code
$file = "home/$user/files/$file_loc";
$newfile = "C:/$file_loc";
if (!copy($file, $newfile)) {
  echo "failed to copy $file...\n";
}else { echo "Success\n"; }

when it copys the files to copies it to my servers HD not theirs for some reason. Any suggustions? Thanks in advance.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
You'll need to have the files zipped and then send it to the user via a download. There isn't a direct way to copy a file from the server to the client. Look at the FTP and ZIP pages on PHP's website for details on PHP's capabilities.

Share this post


Link to post
Share on other sites
well the way I want it to work is for it to automactially download it to their HD so they don't know the file path to prevent file stealing. I don't want people knowing the file path in the server.

Share this post


Link to post
Share on other sites
I'm afraid that is impossible. If it where possible every web site admin could sneak malicious files into the users hard disk. Which I as an user would not like.

What you could do to prevent file leaking is making some kind of dynamic download url. You make the user download a file named dl.php?id=12461761 where the id is a randomly generated string, unique for every user and saved in a session variable. That dl.php script would then check if the id and the stored session id for the user match and if they do, serve the file to the user.

That could be done by changing the header information in the dl.php script and then echo the whole file. Honestly i'm not really sure about which way is the best to do that but my point is that it is possible to make an *.php script act as a downloadable file.

Share this post


Link to post
Share on other sites
Quote:
Original post by Bessi
Honestly i'm not really sure about which way is the best to do that but my point is that it is possible to make an *.php script act as a downloadable file.

That's definitely the way to go. For example:
<?
// dl.php
if ($_GET["id"] == 12461761)
{
header("Content-type: application/pdf");
header("Content-Disposition: attachment; filename=\"generatedfilename.zip\"");
readfile("fileontheserver.zip");
}
?>

Just a quick 'n dirty example of course. In dll.php you could check whatever you want: a session id, whether a user is logged in or not, remote ip address, etc. This completely hides the file's actual location and adds some extra security options as listed.

Automatically copying files to a client could and should never work (accept for cookies of course), just imagine the security risks.

Share this post


Link to post
Share on other sites
I agree. I don't know why I didn't think of that. I'll try your idea. I really apprecate the help. While I'm at it, what is the header("Content-Disposition: attachment; filename=\"generatedfilename.zip\""); used for? Thanks again for the help.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this