PHP - Protected download
In this example, we protect a file from unauthenticated download.
The script asks for a username and password and, if they are correct, sends the file. Notice that we never give out the file's URL. The file is sent through the PHP script, so its real location stays secret from the outside world. The downside is that a user cannot resume an interrupted download.
Depending on the server configuration, you may not have sufficient permissions to use mime_content_type (it is disabled by default). If that is the case, just hardcode your MIME type.
<?php
// Nothing (not even a blank line) may be output before this tag,
// otherwise the header() calls in SendFile() fail with "headers already sent".

// Demo credentials: both username and password are "phpbee".
if (isset($_POST["username"]) && ($_POST["username"] === "phpbee") &&
    isset($_POST["password"]) && ($_POST["password"] === "phpbee")) {
    SendFile();
} else {
    DisplayLoginPage();
}

// Prints the HTML login form, which posts back to this script (download.php).
function DisplayLoginPage()
{
?>
<html>
<head>
<title>Protected download</title>
</head>
<body>
<h2>Welcome to download area</h2>
<p> Type username and password to download a file </p>
<p> Type phpbee for both username and password </p>
<form action="download.php" method="post">
Username<br>
<input type="text" name="username"><br>
Password<br>
<input type="password" name="password"><br>
<input type="hidden" name="login"><br>
<input type="submit">
<input type="reset">
</form>
</body>
</html>
<?php
}

// Streams the protected file to the browser as an attachment.
function SendFile()
{
    $FileName = "filename.zip";
    // Stop before sending any download headers if the file cannot be read.
    if (!is_readable($FileName)) {
        header("HTTP/1.0 404 Not Found");
        exit("File not found.");
    }
    //header("Content-Type: " . mime_content_type($FileName));
    // if you are not allowed to use mime_content_type, then hardcode MIME type
    // use application/octet-stream for any binary file
    // use application/x-executable-file for executables
    // use application/x-zip-compressed for zip files
    header("Content-Type: application/octet-stream");
    header("Content-Length: " . filesize($FileName));
    header("Content-Disposition: attachment; filename=\"$FileName\"");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    $fp = fopen($FileName, "rb");
    fpassthru($fp);
    fclose($fp);
}
?>
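A hardened variant of the script above, added here as an example and not part of the original tutorial. If filename.zip sits in a web-served directory next to download.php, anyone who guesses its name can fetch it without logging in, so this version keeps the file outside the document root, verifies the password against a stored hash, and compares the username in constant time. The environment variable names DOWNLOAD_USER and DOWNLOAD_PASS_HASH and the path /var/private-downloads are assumptions.

```php
<?php
// Added example, not the original author's code.
// Assumptions (hypothetical names): DOWNLOAD_USER and DOWNLOAD_PASS_HASH are
// environment variables; the hash was created once with
//   php -r 'echo password_hash("your-password", PASSWORD_DEFAULT), PHP_EOL;'
// PROTECTED_DIR is a directory outside the web server's document root.
const PROTECTED_DIR  = '/var/private-downloads';
const PROTECTED_FILE = 'filename.zip';

function credentialsValid($user, $pass): bool
{
    $wantUser = getenv('DOWNLOAD_USER');
    $wantHash = getenv('DOWNLOAD_PASS_HASH');
    // Reject missing configuration and non-string input (e.g. username[]=x).
    if (!is_string($wantUser) || !is_string($wantHash)
        || !is_string($user) || !is_string($pass)) {
        return false;
    }
    // Evaluate both checks so timing does not reveal which field was wrong.
    $userOk = hash_equals($wantUser, $user);
    $passOk = password_verify($pass, $wantHash);
    return $userOk && $passOk;
}

function sendProtectedFile(string $name): void
{
    // basename() drops any directory part, so the name cannot leave PROTECTED_DIR.
    $path = PROTECTED_DIR . '/' . basename($name);
    if (!is_file($path) || !is_readable($path)) {
        http_response_code(404);
        exit('File not found.');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Cache-Control: private, no-store');
    readfile($path);
    exit;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && credentialsValid($_POST['username'] ?? null, $_POST['password'] ?? null)) {
    sendProtectedFile(PROTECTED_FILE);
}
http_response_code(403);
echo 'Login required.'; // placeholder: render the login form here instead
```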
November 7th, 2007 at 5:01 am
Parse error: syntax error, unexpected ':' in /home/cafe-galleri/web/cafe-galleri.no/download.php on line 39
I get that error; line 39 is header(“Content-Type: application/octet-stream”);
What's wrong?
January 18th, 2008 at 10:39 pm
yeah it gives me:
Warning: Cannot modify header information - headers already sent by (output started at /home/www/longpoke.us.to/lp/x.php:7)
wtf mate i was liking the code too :O
January 18th, 2008 at 10:43 pm
oh nvm now i see how it works
July 20th, 2008 at 8:05 am
Hmm, it needs ob_start(); at the beginning and ob_flush(); for the "Cannot modify header information" problem.
However, when I run this code it downloads my page, not the file. Is there any problem with the header, or is it a configuration issue of the server?