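<?php
// Download gate for a fixed set of files. login.php is included first; it
// renders the login form and ends the request unless the visitor is logged on.
// The full "<?php" tag is used because short "<?" tags depend on the
// short_open_tag ini setting; with it off, this source would be sent as text.
require_once "login.php";

$path = "downloadables/";
// Allow-list of downloadable names. Only exact matches are served, so the
// request parameter can never steer the path outside $path.
$permittedfiles = array("one.pdf", "two.pdf"); //insert names of permitted files

if (isset($_GET['filename'])):
    $filename = $_GET['filename'];
    // Check the allow-list first (strict, strings only) and touch the
    // filesystem only for names that are already known to be permitted.
    if (is_string($filename)
        && in_array($filename, $permittedfiles, true)
        && is_file($path . $filename)):
        header('Content-Type: application/octet-stream');
        // The original used a single-quoted string here, which sent the
        // literal text $filename to the browser instead of the file name.
        // $filename is an allow-listed value, so it is safe inside the header.
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header('Content-Length: ' . filesize($path . $filename));
        readfile($path . $filename);
        exit();
    else:
        echo "invalid download attempt";
    endif;
else:
    // PHP_SELF contains request-controlled path info, so it is HTML-escaped
    // before being written into an attribute.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
These files are available for download<br/>
<a href="<?= $self ?>?filename=one.pdf">One.pdf</a><br/>
<a href="<?= $self ?>?filename=two.pdf">Two.pdf</a>
<?php
endif;
?>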
Note that you could use a directory-crawl function to populate your variables and anchors.
In the login.php file, use a cut-down form of my login script. It needs the usernames and passwords to be stored in an array in the validlogon function. There is no reason why you can't point this function at a database or a text file instead.
<?php
// The session must be started before any of the checks below read $_SESSION.
session_start();
define("TIMEOUT", 10); //set this to the number of minutes

// Use this script by including it at the top of every protected page:
// a visitor who is not logged on is handed to login(); otherwise the
// including page simply carries on.
if (!loggedon()) {
    login();
}
/**
 * Tell whether the current session carries a login that has not timed out.
 *
 * When the login is still valid, the last-access timestamp is refreshed.
 * When it is not, the reason is stored in $GLOBALS['msg'].
 *
 * @return bool true if the visitor is logged on, false otherwise
 */
function loggedon() {
    // No login flag in the session at all.
    if (!isset($_SESSION['loggedon'])) {
        $GLOBALS['msg'] = "You must log on to access this page";
        return false;
    }

    // Flag present, but the idle period has run out.
    if (login_expired()) {
        $GLOBALS['msg'] = "Login expired";
        return false;
    }

    // Still valid: restart the idle clock from this request.
    $_SESSION['lastaccess'] = time();
    return true;
}
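/**
 * Tell whether the session's idle timeout has elapsed.
 *
 * A session with no recorded last-access time is treated as expired.
 *
 * @return bool true if the login has expired, false if it is still fresh
 */
function login_expired() {
    if (!isset($_SESSION['lastaccess'])) {
        return true;
    }

    // TIMEOUT is documented as a number of minutes, so it is converted to
    // seconds with a single factor of 60. The original multiplied by 60 * 60,
    // which silently kept logins alive for TIMEOUT hours instead.
    $idleLimitSeconds = TIMEOUT * 60;

    return ($_SESSION['lastaccess'] + $idleLimitSeconds) < time();
}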
/**
 * Drop the login flag from the session and show the login form.
 *
 * @param string|null $msg optional message to show on the form; when empty,
 *                         whatever is already in $GLOBALS['msg'] is kept
 */
function logout($msg=NULL)
{
    if (!empty($msg)) {
        $GLOBALS['msg'] = $msg;
    }

    // Only the login flag is removed; the rest of the session is kept.
    unset($_SESSION['loggedon']);

    /* Session-cookie removal, left disabled as in the original:
    if (isset($_COOKIE[session_name()])):
    setcookie(session_name(), '', time()-42000, '/');
    endif; */

    display_login();
}
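/**
 * Master login handler: processes a submitted login form or shows the form.
 *
 * Every failure path calls logout(), which renders the form through
 * display_login(); display_login() ends the request with exit, so the
 * return statements after logout() are defensive only.
 *
 * On success the username, the login flag and the last-access time are
 * stored in the session and control returns to the including page.
 */
function login()
{
    // Anything other than a press of the "Go" button just gets the form.
    if (!isset($_POST['submit']) || $_POST['submit'] !== "Go") {
        logout();
        return;
    }

    // The one-time form token must match, which rejects replayed submissions.
    if (!test_fresh_login()) {
        logout("You cannot use the back button to login");
        return;
    }

    // Session fixation defence: issue a new session id and discard the old
    // one before the session is marked as logged on. It is done here, ahead
    // of the credential check, so the new cookie goes out before any output.
    session_regenerate_id(true);

    if (!validlogon()) {
        logout("Either username or password is incorrect");
        return;
    }

    $_SESSION['username'] = $_POST['username'];
    $_SESSION['loggedon'] = true;
    $_SESSION['lastaccess'] = time();
    // Drop the submitted credentials so later code cannot read them.
    unset ($_POST);
}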
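/**
 * Check that the submitted form carries the one-time token stored in the
 * session when the form was rendered.
 *
 * The stored token is consumed on a successful match, so the same form
 * submission cannot be replayed. On a mismatch the stored token is kept.
 *
 * @return bool true if the tokens match, false otherwise
 */
function test_fresh_login()
{
    if (!isset($_SESSION['uniqid'], $_POST['uniqid'])) {
        return false;
    }

    $expected  = $_SESSION['uniqid'];
    $submitted = $_POST['uniqid'];

    // Request parameters can arrive as arrays; only strings can match.
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }

    // hash_equals() compares in constant time, so response timing does not
    // reveal how much of a guessed token was correct.
    if (!hash_equals($expected, $submitted)) {
        return false;
    }

    unset ($_SESSION['uniqid']);
    return true;
}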
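/**
 * Check the submitted username and password against the built-in list.
 *
 * Reads $_POST['username'] and $_POST['pwd']; produces no output.
 *
 * @return bool true if the pair matches an entry in the list, false otherwise
 */
function validlogon()
{
    // The original dumped $_POST here with print_r(), which wrote the
    // submitted password into the page; that debug output is removed.
    if (!isset ($_POST['username']) || !isset ($_POST['pwd'])) {
        return false;
    }

    $username = $_POST['username'];
    $password = $_POST['pwd'];

    // Request parameters can arrive as arrays, which are not valid array
    // keys or comparison operands; reject anything that is not a string.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // NOTE(review): these credentials are plain text in the source. Prefer
    // storing password_hash() output here and checking with password_verify().
    $valids = array ("admin"=>"password"); //include list of valid username/passwords here

    if (!isset($valids[$username])) {
        return false;
    }

    // Constant-time, type-strict comparison. The original used ==, which
    // treats numeric-looking strings such as "1e3" and "1000" as equal.
    return hash_equals((string) $valids[$username], $password);
}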
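/**
 * Render the login form and end the request.
 *
 * A fresh one-time token is stored in $_SESSION['uniqid'] and embedded in
 * the form as a hidden field. Any message in $GLOBALS['msg'] is shown below
 * the form. This function never returns: it finishes with exit.
 */
function display_login() {
    // The original printed $_SESSION and $_POST here with print_r(), which
    // exposed session contents and the submitted password; that is removed.

    // The token comes from the system CSPRNG. uniqid() is derived from the
    // current time and is predictable, so it is not suitable as a token.
    $_SESSION['uniqid'] = "el_can_" . bin2hex(random_bytes(16));

    // Everything written into the page is HTML-escaped. PHP_SELF in
    // particular contains request-controlled path info.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    $token = htmlspecialchars($_SESSION['uniqid'], ENT_QUOTES, 'UTF-8');
    $message = empty($GLOBALS['msg'])
        ? ''
        : htmlspecialchars((string) $GLOBALS['msg'], ENT_QUOTES, 'UTF-8');
?>
<style type="text/css">
#loginform {text-align:left;width:50%;border: 1px solid #669966;font-size:14px; margin:0 auto; font-family:Verdana, Arial, Helvetica, sans-serif;}
#loginform .row {clear:both;}
#loginform .field{float:right; width:57%; padding-left:1px; text-align:left}
#loginform .label {float:left; width:39%; padding-right:1px; padding-left:1px; text-align:right;}
#loginform .row input[type="text"], #loginform .row input[type="password"] {width: 90%;}
#loginform .spacer {line-height:1px;}
#loginform input {font-size:14px;}
#loginform .loginmessage {clear:both; width:100%; color:red; text-align:center;}
</style>
<div id="loginform">
<form action="<?= $action ?>" method="post">
<input type="hidden" name="uniqid" value="<?= $token ?>" />
<input type="hidden" name="action" value="login" />
<div class="spacer"> </div>
<div class="row">
<span class="label">Username:</span>
<span class="field"><input type="text" name="username" /></span>
</div>
<div class="row">
<span class="label">Password:</span>
<span class="field"><input type="password" name="pwd" />
<input type="submit" name="submit" value="Go" /></span>
</div>
</form>
<?php if ($message !== ''): ?><span class="loginmessage"><?= $message ?></span><?php endif; ?>
</div> <!-- end login form -->
<?php
    // Stop here so the protected page that included this file is never sent.
    exit;
}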
?>