• Registered: 2008-01-20
  • Posts: 8

Topic: File upload/download problems - header being inserted into file

Hi folks, I know this is not punbb related but I'm *really* hoping that someone can help me.

I have the following to allow users to download certain files that were uploaded to a database.  However, when the user clicks on the link, the file is inserted with all the header information from the current page and is thus currupt upon download.  I know I can't "clear the current headers" before the download but what do I do here to make this work properly?  Any help is greatly appreciated.


<?php
define('PUN_ROOT', '../');
include '../include/common.php';

global $pun_user;

require_once "../../../header.php";
?>
<div id="heading"><h1>File Download</h1></div><div id="main">
<?php

if ($pun_user['is_guest']) {

  echo "<p><b>You must be logged in to view this page.</b><br />";
  echo "<p>Please <a href=\"../login.php\">login</a> or <a href=\"../register.php\">register</a>.<br />";
  echo "<p>Once registered, you can download files here.</p>";
    }
else {

echo "<span class=\"login_text\">Logged in as: ".pun_htmlspecialchars($pun_user['username'])." :: <a href=\"../login.php?action=out&id=".$pun_user['id']."&location_out=".$_SERVER['PHP_SELF']."\">Logout</a></span></p><hr /><p>";

// download the file if it's clicked on 

if(isset($_GET['id']))
{
    include '../../dbconfig.php'; 

    $id      = $_GET['id'];
    $query   = "SELECT username, filename, type, size, content FROM upload WHERE id = '$id'";
    $result  = mysql_query($query) or die('Error, query failed');
    list($db_username, $name, $type, $size, $content) = mysql_fetch_array($result);

    if ($db_username != $pun_user['username']) {
    echo "<br /><br /><FONT color=\"red\"><b>You do not have authorization to download that file.</b></font><br />";
    } else {

    header("Content-Disposition: attachment; filename=$name");
    header("Content-length: $size");
    header("Content-type: $type");
    echo $content;
    
    exit;
}
}
?>
<html>
<head>
<title>Download File</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?

include '../../dbconfig.php';

$user = $pun_user['username'];

$query  = "SELECT id, filename FROM upload WHERE username = '$user'";
$result = mysql_query($query) or die('Error, query failed'.mysql_error());
if(mysql_num_rows($result) == 0)
{
  echo "<p><b>No files found for your account.</b>";
} 
    // if there are files to download, list them here
else
{    echo "<p><b>Available Files:</b><p>"; 
    while(list($id, $name) = mysql_fetch_array($result))
    {

    echo "<a href=\"index.php?id=".$id."\">".$name."</a> <br />";    
    }
    echo "</p>";    
}
?>
</body>
</html>

<?php
} 
echo "</div>";
require_once "../../../footer.html";
?>
  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: File upload/download problems - header being inserted into file

Put the download code (the code for outputting the download) before you output any HTML.

  • Registered: 2008-01-20
  • Posts: 8

Re: File upload/download problems - header being inserted into file

Thanks Smartys, I ended up putting it in an entirely different filename altogether and that seems to be working okay.

Thanks for your help!  It is very much appreciated.