Sending correct file size with PHP download script
Originally from http://paul.luminos.nl/update/471:
The CrimsonBase website verifies downloads by passing them through a robust PHP script similar to the one published by Andrew Johnson in his article about PHP-controlled file downloads.
Andrew makes a very important comment at the end of the article:
"If you compress files with Zlib, mod_deflate and so on the Content-Length header won't be accurate so you'll end up seeing "Unknown size" and "Unknown time remaining" when downloading files."
I would like to stress this: if your browser doesn't appear to be obeying the headers generated by your PHP script—especially
Content-Length
—it is fairly likely that Apache'smod_deflate
extension is enabled.You can easily disable it for a single script using the following line in an applicable
.htaccess
file:SetEnvIfNoCase Request_URI ^/download\.php no-gzip dont-vary
where download.php is here assumed to be in the download script located in the server's root directory path (e.g.
www.crimsonbase.com/download.php
). (That's because the regular expression is^/download\.php
.)
PHP: Force download header wont show total size and speed
Is the content being compressed at the server level with mod_deflate or something similar?
This has been answered here:
Sending correct file size with PHP download script
"If you compress files with Zlib, mod_deflate and so on the Content-Length header won't be accurate so you'll end up seeing "Unknown size" and "Unknown time remaining" when downloading files."
"You can easily disable it for a single script using the following line in an applicable .htaccess file:
SetEnvIfNoCase Request_URI ^/download.php no-gzip dont-vary
where download.php is here assumed to be in the download script located in the server's root directory path (e.g. www.crimsonbase.com/download.php). (That's because the regular expression is ^/download.php.)"
Also, please note that your script is insecure. Someone could effectively send the following get parameter for _GET['file']
../../../../../Documents/MyStuff
and it will override your $path restriction entirely.
Suggest stripping out any .. references in the path.
How to download large files through PHP script
If you use fopen
and fread
instead of readfile
, that should solve your problem.
There's a solution in the PHP's readfile
documentation showing how to use fread
to do what you want.
How to write PHP script for proper file download?
Try putting an exit
after readfile
, I think that would solve your problem
Downloading files as attachment filesize incorrect
If you open the contents of that file you downloaded in a text editor, you will no doubt see an error message. This is probably because your path starts with /
. When you open files from disk, the doc root of your server path is meaningless. You need to specify the real path.
Also, your script is terribly insecure! Anyone can download any file they want off your server. Make sure to check that the file is within the doc root before serving it up. Never let a user just specify any file they want without restriction. You don't want some doing ?file=../../../etc/passwd
.
Related Topics
Xml Creation Using Codeigniter
PHP Soap Client That Understands Multi-Part Messages
Why Does PHP Not Complain When I Treat a Null Value as an Array Like This
PHP Adding Custom Namespace Using Autoloader from Composer
How to Force an Image Download in the Browser
Sql_Calc_Found_Rows/Found_Rows() Does Not Work in PHP
I'm Getting This Error Code: Invalid Argument Supplied for Foreach()
How to Apply a Function to an Array
Create Thumbnail from Video Without Ffmpeg in PHP
Check If All Values in Array Are the Same
How to Setup a Cron Job in Magento Module
Woocommerce Add to Cart Button Redirect to Checkout
SQL & PHP - Which Is Faster MySQL_Num_Rows() or 'Select Count()'