I have created a download script in order to hide the file location and to force people passing by our website to download a file. it should return a .jar file. When i post a .jar file to download it'll return corrupt! so we changed the file-extension to .zip to test if that would work. Now i can download it for myself but other people still report corruption of the file...
here's a link to the live download page: https://www.run2stay.com/?p=download
here's the code used inside download.php:
<? session_start();
include_once("inc/conf.php");
if ($stmt = $slc->prepare("SELECT id,
creator,
name,
version,
discription,
changelog,
readme,
file,
datum,
downloads
FROM download ORDER by id desc")) {
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 0) {
echo "<h3>Oops!</h3><p>Seems like there are no downloads yet!</p>";
} else {
$stmt->bind_result($down_id, $creat, $name, $vers, $disc, $change, $read, $file, $dat, $down);
while ($stmt->fetch()) { ?>
<h3 id="<?=$down_id;?>"><?=$name;?> <?=$vers;?> <i>by <?=$creat;?></i></h3>
<?=$dat;?>
<? if (!empty($disc)) { ?>
<h4>Discription:</h4>
<p id="ber"><?=$disc;?></p>
<? } if (!empty($change)) { ?>
<h4>Changelog:</h4>
<p id="ber"><?=$change;?></p>
<? } if (!empty($read)) { ?>
<h4>Readme:</h4>
<p id="ber"><?=$read;?></p>
<? } ?>
<h4>Download:</h4>
<? $_SESSION["dl"] = $_SERVER["HTTP_HOST"]; ?>
<input type="button" value="download" onclick="location.href='?p=dl&get=<?=$file;?>&w=<?=$down_id;?>';"> <?=$down;?> times downloaded.
<hr>
<? } } } ?>
The code i used inside dl.php
<?php
include_once("inc/conf.php");
if (!empty($_GET)) {
$file = htmlspecialchars($_GET['get']);
$file = "mods/$file";
$down_id = htmlspecialchars($_GET['w']);
session_start();
if(isset($_SESSION["dl"])) {
$referrer = $_SERVER["HTTP_REFERER"];
$referrer = parse_url($referrer);
if($referrer["host"] != $_SESSION["dl"]) {
echo "<meta http-equiv=refresh content=0;URL=?p=download>";
die();
}
} else {
echo "<meta http-equiv=refresh content=0;URL=?p=download>";
die();
}
unset($_SESSION["dl"]);
if (file_exists($file)) {
header('Content-Description: File Transfer');
header("Expires: fri, 1 Jan 2016 00:00:00 GMT"); // Don't change.
header('Content-Type: application/java-archive');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile("$file");
$qry = "UPDATE download SET downloads=downloads+1 WHERE id=?";
$stmt = $slc->prepare($qry);
$stmt->bind_param('s',$down_id);
$stmt->execute();
$stmt->close();
exit;
} else {
echo "<h3>Oops!</h3><p>Looks like something horrible went wrong!</p>";
}
}
?>