$file = "home/$user/files/$file_loc";
$newfile = "C:/$file_loc";
if (!copy($file, $newfile)) {
echo "failed to copy $file...\n";
}else { echo "Success\n"; }
PHP - local side saving....
Author
Hey everyone, when someone goes to their account (myAccount.php) in my program, I want it to copy files they pick from my server to their HD. I have everything covered except for some reason in my code
when it copys the files to copies it to my servers HD not theirs for some reason. Any suggustions? Thanks in advance.
You'll need to have the files zipped and then send it to the user via a download. There isn't a direct way to copy a file from the server to the client. Look at the FTP and ZIP pages on PHP's website for details on PHP's capabilities.
Author
well the way I want it to work is for it to automactially download it to their HD so they don't know the file path to prevent file stealing. I don't want people knowing the file path in the server.
I'm afraid that is impossible. If it where possible every web site admin could sneak malicious files into the users hard disk. Which I as an user would not like.
What you could do to prevent file leaking is making some kind of dynamic download url. You make the user download a file named dl.php?id=12461761 where the id is a randomly generated string, unique for every user and saved in a session variable. That dl.php script would then check if the id and the stored session id for the user match and if they do, serve the file to the user.
That could be done by changing the header information in the dl.php script and then echo the whole file. Honestly i'm not really sure about which way is the best to do that but my point is that it is possible to make an *.php script act as a downloadable file.
What you could do to prevent file leaking is making some kind of dynamic download url. You make the user download a file named dl.php?id=12461761 where the id is a randomly generated string, unique for every user and saved in a session variable. That dl.php script would then check if the id and the stored session id for the user match and if they do, serve the file to the user.
That could be done by changing the header information in the dl.php script and then echo the whole file. Honestly i'm not really sure about which way is the best to do that but my point is that it is possible to make an *.php script act as a downloadable file.
Quote:Original post by Bessi
Honestly i'm not really sure about which way is the best to do that but my point is that it is possible to make an *.php script act as a downloadable file.
That's definitely the way to go. For example:
<?// dl.phpif ($_GET["id"] == 12461761){ header("Content-type: application/pdf"); header("Content-Disposition: attachment; filename=\"generatedfilename.zip\""); readfile("fileontheserver.zip");}?>Just a quick 'n dirty example of course. In dll.php you could check whatever you want: a session id, whether a user is logged in or not, remote ip address, etc. This completely hides the file's actual location and adds some extra security options as listed.
Automatically copying files to a client could and should never work (accept for cookies of course), just imagine the security risks.
Author
I agree. I don't know why I didn't think of that. I'll try your idea. I really apprecate the help. While I'm at it, what is the header("Content-Disposition: attachment; filename=\"generatedfilename.zip\""); used for? Thanks again for the help.
Author
nevermind, thank you for your help. I understand how it works. Thanks for the help.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
