|
użytkowników online: 40
|
OPINIE UŻYTKOWNIKÓW
|
Przyznam, że jestem pod sporym wrażeniem. Od wielu lat zajmuje się grafiką przeznaczoną do druku ze szczególnym uwzględnieniem opakowań. Z radością stwierdzam, iż twórca serwisu jest moim ulubionym typem potencjalnego współpracownika (choć branża troszeczkę inna) tzn. pada pytanie i błyskawicznie pada konkretna odpowiedź bez względu na stopień skomplikowania pytania. Gorąco polecam współpracę, gdyż macie pewność że nie zostaniecie potraktowani sloganami typu "oczywiście", "nie ma sprawy" tylko otrzymacie konkretną pomoc. Tak trzymać! Na pewno jeszcze nie raz skorzystam
Paweł
Studio Gama
|
|
PODRĘCZNIK PHP 5.x, 4.x, 3.x - częściowo spolszczony / źródło: www.php.net
[Spis]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[X]
[W]
[Z]
readfile (PHP 3, PHP 4, PHP 5) readfile -- Wyświetla plik Opisint readfile ( string nazwapliku [, bool użyj_include_path [, resource context]] )
Odczytuje plik i zapisuje go do bufora wyjściowego.
Zwraca liczbę odczytanych bajtów z pliku, Jeśli nastąpił błą,
zwraca FALSE oraz wyświetlany jest komunikat błędu, chyba, żę
funkcja została wywołana jako @readfile().
Podpowiedź: Jeśli włączona jest dyrektywa
konfiguracyjna fopen wrappers,
możliwe jest podanie jako nazwy pliku adresu URL. Zobacz opis funkcji
fopen() aby dowiedzieć się jak przekazać nazwę pliku, oraz
fopen wrappers aby uzyskać listę
obsługiwanych protokołów.
Można ustawić opcjonalny drugi parametr na TRUE jeśli
plik ma być poszukiwany także w include_path.
Notatka: Wsparcie dla kontekstów zostało
dodane w PHP 5.0.0.
Patrz także: fpassthru(),
file(), fopen(),
include(), require(),
virtual(), file_get_contents()
i Dodatek L.
User Contributed Notes8riaN
31-Jan-2006 06:58
A quick note on planetmaster's fine code sample.
If plan to use it in a potentially hostile environment, such as a public or semi-public website, it needs a tiny tweak to guard against an SQL injection attack .
the line:
<?
$sql = " SELECT id, fileurl, filename, filesize FROM ibf_movies WHERE id=' $_GET[id]' ";
?>
Allows users to pass a ; and additional SQL directly to the database using the id field to try to crack it or tamper with it. Fortunately there is, in this case, an extremely easy fix for this, the intval() funtion, which will do it's best to return a good number, and return a 0 for anything else - no SQL injection possible. So changet the above to:
<?
$intId = intval($_GET[id]) ;
$sql = " SELECT id, fileurl, filename, filesize FROM ibf_movies WHERE id=' $_intID' ";
?>
and you're protected.
oryan at zareste dot com
27-Nov-2005 04:18
As Grey said below: Readfile will send users un-executed PHP files, which makes it easy to exploit vulnerabilities. It's common - and easy - to use GET variables pointing to downloadable files, like script.php?v=web/file.mov , but this lets users to change it to script.php?v=index.php and get damaging info. Even POST variables can be exploited this way if the user's on a custom browser.
To keep secure, limit downloadable files to one directory, like 'web/', so that script.php?v=file.mov will send web/file.mov, and scan the variable for '..' and 'php' to make sure users can't go into other directories, or open php files you may have stupidly put under web/. This should cover all the bases.
peavey at pixelpickers dot com
20-Oct-2005 03:38
A mime-type-independent forced download can also be conducted by using:
<?
(...)
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Content-type: application/x-download");
header("Content-Disposition: attachment; filename={$new_name}");
header("Content-Transfer-Encoding: binary");
?>
Cheers,
Peavey
planetmaster at planetgac dot com
17-Oct-2005 08:44
Using pieces of the forced download script, adding in MySQL database functions, and hiding the file location for security was what we needed for downloading wmv files from our members creations without prompting Media player as well as secure the file itself and use only database queries. Something to the effect below, very customizable for private access, remote files, and keeping order of your online media.
<?
$sql = " SELECT id, fileurl, filename, filesize FROM ibf_movies WHERE id=' $_GET[id]' ";
$res = mysql_query($sql);
while ($row = mysql_fetch_array($res)) {
$fileurl = $row['fileurl'];
$filename= $row['filename'];
$filesize= $row['filesize'];
$file_extension = strtolower(substr(strrchr($filename,"."),1));
switch ($file_extension) {
case "wmv": $ctype="video/x-ms-wmv"; break;
default: $ctype="application/force-download";
}
if(ini_get('zlib.output_compression'))
ini_set('zlib.output_compression', 'Off');
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Type: video/x-ms-wmv");
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".@filesize($filename));
set_time_limit(0);
@readfile("$fileurl") or die("File not found.");
}
$donwloaded = "downloads + 1";
if ($_GET["hit"]) {
mysql_query("UPDATE ibf_movies SET downloads = $donwloaded WHERE id=' $_GET[id]'");
}
?>
While at it I added into download.php a hit (download) counter. Of course you need to setup the DB, table, and columns. Email me for Full setup// Session marker is also a security/logging option
Used in the context of linking:
http://www.yourdomain.com/download.php?id=xx&hit=1
antispam [at] rdx page [dot] com
20-Sep-2005 11:14
Just a note: If you're using bw_mod (current version 0.6) to limit bandwidth in Apache 2, it *will not* limit bandwidth during readfile events.
dpirvulescu at simcoint dot com
29-Aug-2005 03:05
I have some problem with the force download script. The readfile() function crashed without any error message when I tried to download some word files. I solved the problem by replacing the readfile() with include()
23-Aug-2005 11:39
here is a nice force download scirpt
$filename = 'dummy.zip';
$filename = realpath($filename);
$file_extension = strtolower(substr(strrchr($filename,"."),1));
switch ($file_extension) {
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpe": case "jpeg":
case "jpg": $ctype="image/jpg"; break;
default: $ctype="application/force-download";
}
if (!file_exists($filename)) {
die("NO FILE HERE");
}
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".@filesize($filename));
set_time_limit(0);
@readfile("$filename") or die("File not found.");
herbert dot fischer at NOSPAM dot gmail dot com
22-Jul-2005 05:01
readfile and fpassthru are about 55% slower than doing a loop with "feof/echo fread".
cenaculo at netcabo dot pt
18-Jul-2005 09:09
This is a good function to overcome the Animated GIF problem in PHP, sending a GIF as a normal file, just putting a header before, just to tell the browser that you are sending a GIF. This was the only way i found to send an animated GIF that really animates in the browser.
The code i reproduce here is not mine, but posted before by chrisputnam at gmail dot com, and it works just fine, i just putted the header before:
<?php
function readfile_chunked($filename,$retbytes=true)
{
$chunksize = 1*(1024*1024); $buffer = '';
$cnt =0;
$handle = fopen($filename, 'rb');
if ($handle === false)
{
return false;
}
while (!feof($handle))
{
$buffer = fread($handle, $chunksize);
echo $buffer;
flush();
if ($retbytes)
{
$cnt += strlen($buffer);
}
}
$status = fclose($handle);
if ($retbytes && $status)
{
return $cnt; }
return $status;
}
$vfile = "filename.gif";
header("Content-type: image/gif");
readfile_chunked($vfile,false);
?>
The code i had before was like this:
<?php
$vfile = "filename.gif";
$im = imagecreatefromgif($vfile);
header("Content-type: image/gif");
imagegif($im);
?>
But it only shows the first frame of the Animated GIF.
chrisputnam at gmail dibbity dot cizzom
30-Jun-2005 12:27
I'm really sorry, in my last comment you NEED to say:
ob_flush();
flush();
NOT just flush(); Once you've done this the chunking function should work wonderfully.
Also the creator didn't really document it in the comments, but the reason he had the 1 in "1*(1024*1024)" was to quickly change the number of megabytes you're using in your chunks (although I guess that may be obvious).
I hope this helps!
chrisputnam at gmail dot com
29-Jun-2005 10:44
In response to flowbee@gmail.com --
When using the readfile_chunked function noted here with files larger than 10MB or so I am still having memory errors. It's because the writers have left out the all important flush() after each read. So this is the proper chunked readfile (which isn't really readfile at all, and should probably be crossposted to passthru(), fopen(), and popen() just so browsers can find this information):
<?php
function readfile_chunked($filename,$retbytes=true) {
$chunksize = 1*(1024*1024); $buffer = '';
$cnt =0;
$handle = fopen($filename, 'rb');
if ($handle === false) {
return false;
}
while (!feof($handle)) {
$buffer = fread($handle, $chunksize);
echo $buffer;
flush();
if ($retbytes) {
$cnt += strlen($buffer);
}
}
$status = fclose($handle);
if ($retbytes && $status) {
return $cnt; }
return $status;
}
?>
All I've added is a flush(); after the echo line. Be sure to include this!
Hern
|
