By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
445,645 Members | 1,047 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 445,645 IT Pros & Developers. It's quick & easy.

File download module works for .ZIP/.TXT but .EXE are always corrupted...

P: n/a
I wrote a file download module for my website. The reason for the file
download module is that my website downloads work on a credit based system.
So I need to keep track of and limit daily downloads.

It uses fpassthru() and some headers() to send a file to the requesting
user. The get.php file that I wrote (the file download module if you will)
works like a charm for .ZIP files and .TXT files. However, when .EXE files
are downloaded they are always corrupt. The problem exists in both MSIE and
Mozilla.

Someone suggested that I have too much code in my get.php file. I thought
this was strange but I tested it nonetheless. It turns out when I had my
get.php file with just the minimal code it worked fine for all file types:
..zip, .txt, .exe.

So I have two options:
1) Use a very very simple get.php with just the necessary header() and
fpassthru() code. This means I need another "buddy file" that will perform
the credit checking, accessing the database etc. If I use this method I
need a way to secure the get.php so that not just not anyone can call the
get.php, but they have to go through the credit checking. This seems that
it would again end up making the get.php file bloated.

2) Maybe something is wrong with my "bloated" get.php and that is why
..EXE are being corrupted. It seems strange that .ZIP and .TXT would work
fine but .EXE are not. This would definitely be the easier of the two
options I believe, if it possible.

I have had people tell me that:

"You can't have excess code in a file download module"

"It doesnt matter how many code is in the file download module"

So who is correct I ask, and how can I remedy my problem?

Thanks,
Brandon
//THE MINIMAL GET.PHP THAT WORKS LIKE A CHARM FOR ALL FILETYPES:
<?
if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[sub] .
"/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[file];

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");
$fp=fopen($path,"rb");
fpassthru($fp);
?>


//THE FILE "BLOATED" GET.PHP:

<?

if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[sub] .
"/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[file];

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");

require("config.php");

$result = mysql_query("SELECT credit FROM $db_users WHERE username =
'$HTTP_COOKIE_VARS[username]' AND password = '$HTTP_COOKIE_VARS[password]'",
$db);
$myrow = mysql_fetch_assoc($result);
$credit = $myrow[credit];

if ($credit > 0) {
$credit--;
$result = mysql_query("UPDATE $db_users SET credit = '$credit' WHERE
username = '$HTTP_COOKIE_VARS[username]'", $db);

$result = mysql_query("SELECT downloads FROM $db_files WHERE file_name =
'$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'", $db);
$myrow = mysql_fetch_assoc($result);
$downloads = $myrow[downloads];
$downloads++;
$result = mysql_query("UPDATE $db_files SET downloads = '$downloads' WHERE
file_name = '$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'", $db);

//readfile(FilePath($HTTP_GET_VARS[cat], $HTTP_GET_VARS[sub],
$HTTP_GET_VARS[file]));
$fp=fopen($path,"rb");
fpassthru($fp);
}else {
echo "Sorry, you do not have access or enough credit for this download.";
}
?>
Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
A few guesses. you require config.php in the bloated version - make sure
there is no whitespace before the <?php or after the ?> in config.php (e.g.
spaces, newlines etc, as these will be sent as a part of the file, which you
definitely do not want.) Two: your "Sorry, you do not have access or enough
credit for this download" will likely never show up in the browser, but will
rather be offered as binary data... not at all desirable (you have already
sent the headers at this point...)

Brandon Walters wrote:
I wrote a file download module for my website. The reason for the
file download module is that my website downloads work on a credit
based system. So I need to keep track of and limit daily downloads.

It uses fpassthru() and some headers() to send a file to the
requesting user. The get.php file that I wrote (the file download
module if you will) works like a charm for .ZIP files and .TXT files.
However, when .EXE files are downloaded they are always corrupt. The
problem exists in both MSIE and Mozilla.

Someone suggested that I have too much code in my get.php file. I
thought this was strange but I tested it nonetheless. It turns out
when I had my get.php file with just the minimal code it worked fine
for all file types: .zip, .txt, .exe.

So I have two options:
1) Use a very very simple get.php with just the necessary
header() and fpassthru() code. This means I need another "buddy
file" that will perform the credit checking, accessing the database
etc. If I use this method I need a way to secure the get.php so that
not just not anyone can call the get.php, but they have to go through
the credit checking. This seems that it would again end up making
the get.php file bloated.

2) Maybe something is wrong with my "bloated" get.php and that is
why .EXE are being corrupted. It seems strange that .ZIP and .TXT
would work fine but .EXE are not. This would definitely be the
easier of the two options I believe, if it possible.

I have had people tell me that:

"You can't have excess code in a file download module"

"It doesnt matter how many code is in the file download module"

So who is correct I ask, and how can I remedy my problem?

Thanks,
Brandon
//THE MINIMAL GET.PHP THAT WORKS LIKE A CHARM FOR ALL FILETYPES:
<?
if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" .
$HTTP_GET_VARS[sub] . "/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" .
$HTTP_GET_VARS[file];

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");
$fp=fopen($path,"rb");
fpassthru($fp);



//THE FILE "BLOATED" GET.PHP:

<?

if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" .
$HTTP_GET_VARS[sub] . "/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" .
$HTTP_GET_VARS[file];

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");

require("config.php");

$result = mysql_query("SELECT credit FROM $db_users WHERE username =
'$HTTP_COOKIE_VARS[username]' AND password =
'$HTTP_COOKIE_VARS[password]'", $db);
$myrow = mysql_fetch_assoc($result);
$credit = $myrow[credit];

if ($credit > 0) {
$credit--;
$result = mysql_query("UPDATE $db_users SET credit = '$credit' WHERE
username = '$HTTP_COOKIE_VARS[username]'", $db);

$result = mysql_query("SELECT downloads FROM $db_files WHERE
file_name = '$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'",
$db); $myrow = mysql_fetch_assoc($result);
$downloads = $myrow[downloads];
$downloads++;
$result = mysql_query("UPDATE $db_files SET downloads =
'$downloads' WHERE file_name = '$HTTP_GET_VARS[file]' AND cat =
'$HTTP_GET_VARS[cat]'", $db);

//readfile(FilePath($HTTP_GET_VARS[cat], $HTTP_GET_VARS[sub],
$HTTP_GET_VARS[file]));
$fp=fopen($path,"rb");
fpassthru($fp);
}else {
echo "Sorry, you do not have access or enough credit for this
download."; }

Jul 17 '05 #2

P: n/a
Brandon Walters wrote:

I wrote a file download module for my website. The reason for the file
download module is that my website downloads work on a credit based system.
So I need to keep track of and limit daily downloads.

It uses fpassthru() and some headers() to send a file to the requesting
user. The get.php file that I wrote (the file download module if you will)
works like a charm for .ZIP files and .TXT files. However, when .EXE files
are downloaded they are always corrupt. The problem exists in both MSIE and
Mozilla.

Someone suggested that I have too much code in my get.php file. I thought
this was strange but I tested it nonetheless. It turns out when I had my
get.php file with just the minimal code it worked fine for all file types:
.zip, .txt, .exe.

So I have two options:
1) Use a very very simple get.php with just the necessary header() and
fpassthru() code. This means I need another "buddy file" that will perform
the credit checking, accessing the database etc. If I use this method I
need a way to secure the get.php so that not just not anyone can call the
get.php, but they have to go through the credit checking. This seems that
it would again end up making the get.php file bloated.

2) Maybe something is wrong with my "bloated" get.php and that is why
.EXE are being corrupted. It seems strange that .ZIP and .TXT would work
fine but .EXE are not. This would definitely be the easier of the two
options I believe, if it possible.

I have had people tell me that:

"You can't have excess code in a file download module"

"It doesnt matter how many code is in the file download module"

So who is correct I ask, and how can I remedy my problem?

Thanks,
Brandon

//THE MINIMAL GET.PHP THAT WORKS LIKE A CHARM FOR ALL FILETYPES:
<?
if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[sub] .
"/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[file];

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");
$fp=fopen($path,"rb");
fpassthru($fp);
?>

//THE FILE "BLOATED" GET.PHP:

<?

if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[sub] .
"/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[file];

header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");

require("config.php");

$result = mysql_query("SELECT credit FROM $db_users WHERE username =
'$HTTP_COOKIE_VARS[username]' AND password = '$HTTP_COOKIE_VARS[password]'",
$db);
$myrow = mysql_fetch_assoc($result);
$credit = $myrow[credit];

if ($credit > 0) {
$credit--;
$result = mysql_query("UPDATE $db_users SET credit = '$credit' WHERE
username = '$HTTP_COOKIE_VARS[username]'", $db);

$result = mysql_query("SELECT downloads FROM $db_files WHERE file_name =
'$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'", $db);
$myrow = mysql_fetch_assoc($result);
$downloads = $myrow[downloads];
$downloads++;
$result = mysql_query("UPDATE $db_files SET downloads = '$downloads' WHERE
file_name = '$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'", $db);

//readfile(FilePath($HTTP_GET_VARS[cat], $HTTP_GET_VARS[sub],
$HTTP_GET_VARS[file]));
$fp=fopen($path,"rb");
fpassthru($fp);
}else {
echo "Sorry, you do not have access or enough credit for this download.";
}
?>


You have a newline between the start of the bloated file and "<?". Does that
exist in the real file or was that just sloppy copying/pasting? If the former,
get rid of it.

I'd suggest commenting out the headers and setting error_reporting(E_ALL). That
may show you what error you're getting and help you solve it. Also, check to
make sure config.php isn't outputting any text or whitespace.

I think the minimal code thing is a red herring. My guess is there is text
being sent somewhere. You could also put ob_start(); at the very top of your
file, put the require("config.php") before the headers, and put ob_end_clean();
immediately before the headers, but after the require statement. The beginning
of your file should look like this:

----------------------- File starts here ------------------------
<?PHP
ob_start();
//etc...

not like this:

----------------------- File starts here ------------------------

<?PHP
ob_start();
//etc...
Regards,
Shawn
--
Shawn Wilson
sh***@glassgiant.com
http://www.glassgiant.com
Jul 17 '05 #3

P: n/a
Ahhh, I had checked the get.php for whitespace but not the config.php.
There was whitespace in the config.php and now problem solved!!!

I am sincerely appreciative!! If you ever are in the Columbus, Ohio area
and need a favor, well let me know. I owe you one!!!

Thanks,
Brandon

"Agelmar" <if**********@comcast.net> wrote in message
news:bt************@ID-30799.news.uni-berlin.de...
A few guesses. you require config.php in the bloated version - make sure
there is no whitespace before the <?php or after the ?> in config.php (e.g. spaces, newlines etc, as these will be sent as a part of the file, which you definitely do not want.) Two: your "Sorry, you do not have access or enough credit for this download" will likely never show up in the browser, but will rather be offered as binary data... not at all desirable (you have already
sent the headers at this point...)

Jul 17 '05 #4

P: n/a
Ahhh, I had checked the get.php for whitespace but not the config.php.
There was whitespace in the config.php and now problem solved!!!

I am sincerely appreciative!! If you ever are in the Columbus, Ohio area
and need a favor, well let me know. I owe you one!!!

Thanks,
Brandon

"Agelmar" <if**********@comcast.net> wrote in message
news:bt************@ID-30799.news.uni-berlin.de...
A few guesses. you require config.php in the bloated version - make sure
there is no whitespace before the <?php or after the ?> in config.php (e.g. spaces, newlines etc, as these will be sent as a part of the file, which you definitely do not want.) Two: your "Sorry, you do not have access or enough credit for this download" will likely never show up in the browser, but will rather be offered as binary data... not at all desirable (you have already
sent the headers at this point...)


Jul 17 '05 #5

P: n/a
I see others have already solved your problem, I would just like to add
this:

at the end of your script, before the close ?> tag add:

exit();
?>

This keeps any spaces, new lines after the ?> from ever bing sent, trust me
a blank line after the end tag is sometimes hard to troubleshoot, just
becouse it is overlooked.

--
Mike Bradley
http://www.gzentools.com -- free online php tools
"Brandon Walters" <wa*********@osu.edu> wrote in message
news:bt**********@news.cis.ohio-state.edu...
I wrote a file download module for my website. The reason for the file
download module is that my website downloads work on a credit based system. So I need to keep track of and limit daily downloads.

It uses fpassthru() and some headers() to send a file to the requesting
user. The get.php file that I wrote (the file download module if you will) works like a charm for .ZIP files and .TXT files. However, when .EXE files are downloaded they are always corrupt. The problem exists in both MSIE and Mozilla.

Someone suggested that I have too much code in my get.php file. I thought
this was strange but I tested it nonetheless. It turns out when I had my
get.php file with just the minimal code it worked fine for all file types:
.zip, .txt, .exe.

So I have two options:
1) Use a very very simple get.php with just the necessary header() and
fpassthru() code. This means I need another "buddy file" that will perform the credit checking, accessing the database etc. If I use this method I
need a way to secure the get.php so that not just not anyone can call the
get.php, but they have to go through the credit checking. This seems that
it would again end up making the get.php file bloated.

2) Maybe something is wrong with my "bloated" get.php and that is why
.EXE are being corrupted. It seems strange that .ZIP and .TXT would work
fine but .EXE are not. This would definitely be the easier of the two
options I believe, if it possible.

I have had people tell me that:

"You can't have excess code in a file download module"

"It doesnt matter how many code is in the file download module"

So who is correct I ask, and how can I remedy my problem?

Thanks,
Brandon
//THE MINIMAL GET.PHP THAT WORKS LIKE A CHARM FOR ALL FILETYPES:
<?
if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[sub] .. "/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[file];
header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");
$fp=fopen($path,"rb");
fpassthru($fp);
?>


//THE FILE "BLOATED" GET.PHP:

<?

if (strlen($HTTP_GET_VARS[sub]) > 0)
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[sub] .. "/" . $HTTP_GET_VARS[file];
else
$path = "../Archive/" . $HTTP_GET_VARS[cat] . "/" . $HTTP_GET_VARS[file];
header("Pragma: ");
header("Cache-Control: ");
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"$HTTP_GET_VARS[file]\"");
header("Content-Length: " . filesize($path));
header ("Connection: close");
//header("Content-Transfer-Encoding: binary\n");

require("config.php");

$result = mysql_query("SELECT credit FROM $db_users WHERE username =
'$HTTP_COOKIE_VARS[username]' AND password = '$HTTP_COOKIE_VARS[password]'", $db);
$myrow = mysql_fetch_assoc($result);
$credit = $myrow[credit];

if ($credit > 0) {
$credit--;
$result = mysql_query("UPDATE $db_users SET credit = '$credit' WHERE
username = '$HTTP_COOKIE_VARS[username]'", $db);

$result = mysql_query("SELECT downloads FROM $db_files WHERE file_name =
'$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'", $db);
$myrow = mysql_fetch_assoc($result);
$downloads = $myrow[downloads];
$downloads++;
$result = mysql_query("UPDATE $db_files SET downloads = '$downloads' WHERE file_name = '$HTTP_GET_VARS[file]' AND cat = '$HTTP_GET_VARS[cat]'", $db);

//readfile(FilePath($HTTP_GET_VARS[cat], $HTTP_GET_VARS[sub],
$HTTP_GET_VARS[file]));
$fp=fopen($path,"rb");
fpassthru($fp);
}else {
echo "Sorry, you do not have access or enough credit for this download."; }
?>

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.