Hi,
I am using the following piece of code, to download files, but the files are allways corrupt...what am I doing wrong?
if ($submit) { $full_filename = $_POST[full_filename]; $filename = $_POST[filename]; $dir = $_POST['dir']; $size = $_POST[size]; $id = $_POST[id];
if((file_exists($full_filename)) && (substr(decoct(fileperms($dir)),-1) >= 4)) { header("Content-type: ". "application/exe"); header("Content-Disposition: " . "attachment" . "; filename=\"".$filename)."\""; header("Content-Length: ".$size); $fp = readfile($full_filename, "r"); mysql_query ("INSERT INTO files_downloaded VALUES('$id','$ip',NOW())",$db_connection) or die (mysql_error()); return $fp; } }
You might have a php warning in the downloaded file, it will be either at the beginning or at the end, just open a text editor and view it.
Also you don't check $full_filename, users can submit enything, e.g. /etc/shadow or includes/config.php, and the script sends it.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
