Wzskynet # 163.com
· Php escapeshellcmd multi-byte encoding vulnerability
· Explain in detail the application of the cache technology in PHP
· Use PHP V5 to develop multi-task applications
· Detailed parsing of PHP data sending process to MySQL
· PHP static release methods
Are you sure you want to laugh at me and say "download files" is so simple? Of course it is not as simple as you think. For example, if you want the customer to fill out a form before downloading a file, your first thought must be "Redirect, check whether the form is complete and complete. Then, point the website address to the file so that the customer can download the file. For example, the following code is compiled by the author:
Copy codeThe Code is as follows: <?
// Check whether all FORM fields are complete...
If ($ form_completed ){
Header ("Location: http://www.jb51.net/download/info_check.exe ");
Exit;
}
?>
Or the following situations:Copy codeThe Code is as follows: <a href = "http://www.yourwebl.com/users/download.php? Id = 124524 "> Start File Download </a>
The ID method is used to receive the number of the file to be downloaded, and then the "Redirect" method is used to connect to the actual website.
If you want to create an e-commerce website for "online shopping" and consider security issues, you do not want users to directly copy the website to download the file, I suggest you use PHP to directly read the actual file and then download it. The procedure is as follows:Copy codeThe Code is as follows: <?
$ File_name = "info_check.exe ";
$ File_dir = "/public/www/download /";
If (! File_exists ($ file_dir. $ file_name) {// check whether the file exists
Echo "file not found ";
Exit;
} Else {
$ File = fopen ($ file_dir. $ file_name, "r"); // open the file
// Input file tag
Header ("Content-type: application/octet-stream ");
Header ("Accept-Ranges: bytes ");
Header ("Accept-Length:". filesize ($ file_dir. $ file_name ));
Header ("Content-Disposition: attachment; filename =". $ file_name );
// Output file content
Echo fread ($ file, filesize ($ file_dir. $ file_name ));
Fclose ($ file );
Exit ;}
?>
If the file path is "http" or "ftp", the source code will change a little. The program is as follows:Copy codeThe Code is as follows: <?
$ File_name = "info_check.exe ";
$ File_dir = "http://www.jb51.net /";
$ File = @ fopen ($ file_dir. $ file_name, "r ");
If (! $ File ){
Echo "file not found ";
} Else {
Header ("Content-type: application/octet-stream ");
Header ("Content-Disposition: attachment; filename =". $ file_name );
While (! Feof ($ file )){
Echo fread ($ file, 50000 );
}
Fclose ($ file );
}
?>
In this way, you can use PHP to directly output files.
Secure PHP File Download!Copy codeThe Code is as follows: public function downloads ($ name ){
$ Name_tmp = explode ("_", $ name );
$ Type = $ name_tmp [0];
$ File_time = explode (".", $ name_tmp [3]);
$ File_time = $ file_time [0];
$ File_date = date ("Y/md", $ file_time );
$ File_dir = SITE_PATH. "/data/uploads/$ type/$ file_date /";
If (! File_exists ($ file_dir. $ name )){
Header ("Content-type: text/html; charset = UTF-8 ");
Echo "File not found! ";
Exit;
} Else {
$ File = fopen ($ file_dir. $ name, "r ");
Header ("Content-type: application/octet-stream ");
Header ("Accept-Ranges: bytes ");
Header ("Accept-Length:". filesize ($ file_dir. $ name ));
Header ("Content-Disposition: attachment; filename =". $ name );
Echo fread ($ file, filesize ($ file_dir. $ name ));
Fclose ($ file );
}
}