Temporary link Download

Ask about a PHP problem here.
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Temporary link Download

Post by davestechuk »

Hi Folks,

I am wondering how I would set a default period for a file to expire? At the moment you enter the number of minutes you want the file to be active, and after that set time the file expires. But, I want to add some functionality so that, by default, the file will expire after 10 minutes, say. Any help would be much appreciated. I've got an idea of how to do it. I'm just not sure about the coding of it.



File Name: upload.php
[syntax=php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Upload a File</title>
</head>

<body>

<?php

include('core/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){

        $file_name = mysql_real_escape_string($_FILES['file']['name']);
        $expiry = time() + ((int)$_POST['expiry']*60);

        mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}', {$expiry})");
        //die(mysql_error());

        move_uploaded_file($_FILES['file']['tmp_name'], "core/files/{$_FILES['file']['name']}");


        echo "<p>". $_FILES['file']['name'] ." has been successfully uploaded.</p>";
}
?>
<div>
        <form action="" method="post" enctype="multipart/form-data">
                <p>
                        <input type="text" name="expiry" />
                </p>

                <p>
                        <input type="file" name="file" />
                </p>

                <p>
                        <input type="submit" value="upload" />
                </p>
        </form>
</div>

</body>
</html>
[/syntax]


File Name: file_list.php
[syntax=php]
<?php

include('core/inc/init.inc.php');

$files = mysql_query("SELECT file_id, file_name, file_expiry FROM files");

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>File List</title>
</head>
<style type="text/css">
table { border-collapse:collapse; width:600px; }
td, th {border: solid 1px #999; padding: 4px;}
</style>
<body>
<table>
<tr>

<th>File Name</th>
<th>Expiry</th>

</tr>

<?php

while(($row = mysql_fetch_assoc($files))!==false ){
?>
<tr>

<td><a href="download.php?file_id=<?php echo $row['file_id'] ?>"><?php echo $row['file_name']; ?></a></td>
<td><?php  echo date('d/m/Y H:i:s', $row['file_expiry']); ?> </td>

</tr>

<?php
}
?>
</table>
</body>
</html>
[/syntax]


File Name: download.php
[syntax=php]
<?php

include('core/inc/init.inc.php');

if (isset($_GET['file_id'])){
	$file_id = (int)$_GET['file_id'];


	$files = mysql_query("SELECT file_name, file_expiry FROM files WHERE file_id={$file_id}");

	if (mysql_num_rows($files) !=1){

		echo "Invalid File ID";
	}else{

		$row = mysql_fetch_assoc($files);

		if($row['file_expiry'] < time())
		{
			echo "This file has expired";
		}
		else
		{
			$path = "core/files/{$row['file_name']}";
			header("Content-Type: application/octet-stream");
			header('Content-Description: File Transfer');
			header("Content-Disposition: attachment; filename=\"{$row['file_name']}\"");
			header("Content-Length: ". filesize($path));
			readfile($path);
		}
	}
}
?>
[/syntax]
Last edited by davestechuk on Wed Apr 17, 2024 4:47 pm, edited 1 time in total.
ScTech
Posts: 92
Joined: Sat Aug 24, 2013 8:40 pm

Re: Temporary link Download

Post by ScTech »

You would just check if they left it blank. However, you need more validation for what you're doing because you aren't checking that what they're entering is actually a number. To accomplish what you're trying to do, first make sure that if they enter something that it's a number so it won't cause issues. You can use ctype_digit() to make sure what a user enters is a number (without decimals). After you validate that, you can check if the field is empty, at which point you would insert your default time of 10. You can do this like:
[syntax=php]<?php
if(empty($_POST['expiry'])) {
$expiry = time() + (10 * 60);
} else {
if(!ctype_digit($_POST['expiry'])) {
// Throw an error
} else {
$expiry = time() + ($_POST['expiry'] * 60);
}
}
?>[/syntax]

EDIT: You have an XSS vulnerability when echoing the file name in file_list.php and upload.php. Put htmlentities around the file name to avoid it.
<?php while(!$succeed = try()); ?>
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

ScTech wrote:You would just check if they left it blank. However, you need more validation for what you're doing because you aren't checking that what they're entering is actually a number. To accomplish what you're trying to do, first make sure that if they enter something that it's a number so it won't cause issues. You can use ctype_digit() to make sure what a user enters is a number (without decimals). After you validate that, you can check if the field is empty, at which point you would insert your default time of 10. You can do this like:
[syntax=php]<?php
if(empty($_POST['expiry'])) {
$expiry = time() + (10 * 60);
} else {
if(!ctype_digit($_POST['expiry'])) {
// Throw an error
} else {
$expiry = time() + ($_POST['expiry'] * 60);
}
}
?>[/syntax]

EDIT: You have an XSS vulnerability when echoing the file name in file_list.php and upload.php. Put htmlentities around the file name to avoid it.
Last edited by davestechuk on Thu Aug 29, 2013 11:29 pm, edited 1 time in total.
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Temporary link Download

Post by Temor »

Well, htmlentities is just a function like all the others.

[syntax=php] echo "<p>". $_FILES['file']['name'] ." has been successfully uploaded.</p>";[/syntax]
[syntax=php] echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";[/syntax]

It turns any and all HTML characters into their entities, so it won't cause any interference with your code.


And the code ScTech posted, you should be able to figure out on your own where to place it if you understand the code.

This
[syntax=php] if (isset($_POST['expiry'], $_FILES['file'])){

$file_name = mysql_real_escape_string($_FILES['file']['name']);
$expiry = time() + ((int)$_POST['expiry']*60);
[/syntax]
+ this
[syntax=php]<?php
if(empty($_POST['expiry'])) {
$expiry = time() + (10 * 60);
} else {
if(!ctype_digit($_POST['expiry'])) {
// Throw an error
} else {
$expiry = time() + ($_POST['expiry'] * 60);
}
}
?>

[/syntax]

= this

[syntax=php] if (isset($_POST['expiry'], $_FILES['file'])){

$file_name = mysql_real_escape_string($_FILES['file']['name']);

if(empty($_POST['expiry'])) { // Checks to see if $_POST['expiry'] is empty.
$expiry = time() + (10 * 60); // Is empty. Set expiry time to 10 minutes ( 10 * 60 seconds ).
} else { // Is not empty.
if(!ctype_digit($_POST['expiry'])) { // Check if value is actually an Integer.
// Value is not an integer. Throw an error.
} else { // Value is an integer.
$expiry = time() + ($_POST['expiry'] * 60); // User sets the expiry time.
}
}
[/syntax]


/Edit; The spacing went all wacky in the code examples I posted. Put them in Notepad++ or equivalent and it will be easier to read.
ScTech
Posts: 92
Joined: Sat Aug 24, 2013 8:40 pm

Re: Temporary link Download

Post by ScTech »

Beat me to it Temor :) I should also mention that you should look into checking file extensions and only allow a few. Any files that can execute code like .php, .html, .py, .js etc. you should filter out because they can potentially break into your file system, or worse. To make it more simple because there are a lot of files you shouldn't allow, you should make a whitelist of file extensions that you do allow.
<?php while(!$succeed = try()); ?>
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Temporary link Download

Post by Temor »

ScTech wrote:Beat me to it Temor :) I should also mention that you should look into checking file extensions and only allow a few. Any files that can execute code like .php, .html, .py, .js etc. you should filter out because they can potentially break into your file system, or worse. To make it more simple because there are a lot of files you shouldn't allow, you should make a whitelist of file extensions that you do allow.

:)

A whitelist like this has been used extensively in Jacek's tutorials. Especially in those related to image uploads.
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

Temor wrote:
ScTech wrote:Beat me to it Temor :) I should also mention that you should look into checking file extensions and only allow a few. Any files that can execute code like .php, .html, .py, .js etc. you should filter out because they can potentially break into your file system, or worse. To make it more simple because there are a lot of files you shouldn't allow, you should make a whitelist of file extensions that you do allow.

:)

A whitelist like this has been used extensively in Jacek's tutorials. Especially in those related to image uploads.


I understand what the code does, I'm just not 100% sure when it needs to go exactly in the upload.php file. I already have a whitelist set up so that users can't upload the likes of .php, .html, .py, .js etc. I know what you're probably thinking: he can set up a whitelist but he doesn't know where to put this code... I know it's weird, I guess I just understand parts of PHP better than others.
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Temporary link Download

Post by Temor »

Don't take me the wrong way here. All you have to do is just follow the steps of the code and find the one where your modification fits.

It's like a puzzle. You have to look at the part you're gonna put in and take note that it is giving $expiry a value, and then match it to where you do that in your original code.

If you keep staring at code for another 2-4000 hours you'll start noticing these things automatically ( probably way sooner than that even ).
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

Temor wrote:Don't take me the wrong way here. All you have to do is just follow the steps of the code and find the one where your modification fits.

It's like a puzzle. You have to look at the part you're gonna put in and take note that it is giving $expiry a value, and then match it to where you do that in your original code.

If you keep staring at code for another 2-4000 hours you'll start noticing these things automatically ( probably way sooner than that even ).


[syntax=php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Upload a File</title>
<style type="text/css">
table {
border-collapse:collapse;
}

table, td, th {
border:1px solid #999;
height:43px;
}
</style>
</head>
<body>
<?php

include('assets/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){
$errors = array();
$allowed_ext = array("mp3","doc","txt","jpg","jpeg","gif","png");

$file_name = $_FILES['file']['name'];
$file_ext = strtolower(end(explode('.',$file_name)));
$file_tmp = $_FILES['file']['tmp_name'];


if (in_array($file_ext, $allowed_ext) ===false){
$errors[] = 'File extension not allowed';


}


if (empty($errors)) {

if (isset($_POST['expiry'], $_FILES['file'])){

$file_name = mysql_real_escape_string($_FILES['file']['name']);

}

if(empty($_POST['expiry'])) { // Checks to see if $_POST['expiry'] is empty.

$expiry = time() + (10 * 60); // Is empty. Set expiry time to 10 minutes ( 10 * 60 seconds ).
} else {

// Is not empty.

if(!ctype_digit($_POST['expiry'])) { // Check if value is actually an Integer.

echo("Value is not an integer."); //Value is not an integer. Throw an error.

} else {

// Value is an integer.

$expiry = time() + ($_POST['expiry'] * 60); // User sets the expiry time.

}
}

mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}', {$expiry})");

move_uploaded_file($_FILES['file']['tmp_name'], "assets/files/{$_FILES['file']['name']}");

echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";


} else {
foreach ($errors as $error){
echo $error,'<br /><br />';

}

}

}
?>
<div>
<form action="" method="post" enctype="multipart/form-data">
<table>

<tr>
<td><b>Set Expiry Time:</b> <input type="text" name="expiry" size="6" /> <b>Minutes Only</b></td>
</tr>

<tr>
<td><b>Choose a file:</b> <input type="file" name="file" /></td>
</tr>

<tr>
<td><input type="submit" value="Upload!" /></td>
</tr>

<tr>
<td><p><a href="file_list.php">Click here</a> to download your time sensitive file, or files.</p></td>
</tr>

</table>
</form>
</div>
</body>
</html>
[/syntax]

Here's the code laid out, but I believe I'm missing an if statement, as if I'm reading the code correctly both the integer error and the success message telling me the file has been uploaded are going to show at the same time. P.S. Temor, don't worry, I haven't been working at it since 11:43pm. I just don't sleep great so thought I'd pop online and post my progress.
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Temporary link Download

Post by Temor »

You shouldn't just paste the code in there. You have doubles now!

[syntax=php]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Upload a File</title>
<style type="text/css">
table {
border-collapse:collapse;
}

table, td, th {
border:1px solid #999;
height:43px;
}
</style>
</head>
<body>
<?php

include('assets/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){
$errors = array();
$allowed_ext = array("mp3","doc","txt","jpg","jpeg","gif","png");

$file_name = $_FILES['file']['name'];
$file_ext = strtolower(end(explode('.',$file_name)));
$file_tmp = $_FILES['file']['tmp_name'];


if (in_array($file_ext, $allowed_ext) ===false){
$errors[] = 'File extension not allowed';


}


if (empty($errors)) {

if (isset($_POST['expiry'], $_FILES['file'])){ // This if statement is identical to the one a few lines above. Merge them!

$file_name = mysql_real_escape_string($_FILES['file']['name']); // You're already doing this, but without mysql_real_escape_string, again, a few lines up.

}

if(empty($_POST['expiry'])) { // Checks to see if $_POST['expiry'] is empty. // This entire block should be put in the first if statement.

$expiry = time() + (10 * 60); // Is empty. Set expiry time to 10 minutes ( 10 * 60 seconds ).
} else {

// Is not empty.

if(!ctype_digit($_POST['expiry'])) { // Check if value is actually an Integer.

echo("Value is not an integer."); //Value is not an integer. Throw an error.

} else {

// Value is an integer.

$expiry = time() + ($_POST['expiry'] * 60); // User sets the expiry time.

}
}

mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}', {$expiry})");

move_uploaded_file($_FILES['file']['tmp_name'], "assets/files/{$_FILES['file']['name']}");

echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";


} else {
foreach ($errors as $error){
echo $error,'<br /><br />';

}

}

}
?>
<div>
<form action="" method="post" enctype="multipart/form-data">
<table>

<tr>
<td><b>Set Expiry Time:</b> <input type="text" name="expiry" size="6" /> <b>Minutes Only</b></td>
</tr>

<tr>
<td><b>Choose a file:</b> <input type="file" name="file" /></td>
</tr>

<tr>
<td><input type="submit" value="Upload!" /></td>
</tr>

<tr>
<td><p><a href="file_list.php">Click here</a> to download your time sensitive file, or files.</p></td>
</tr>

</table>
</form>
</div>
</body>
</html>
[/syntax]

I swapped things around for you... This should now work:

[syntax=php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Upload a File</title>
<style type="text/css">
table {
border-collapse:collapse;
}

table, td, th {
border:1px solid #999;
height:43px;
}
</style>
</head>
<body>
<?php

include('assets/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){
$errors = array();
$allowed_ext = array("mp3","doc","txt","jpg","jpeg","gif","png");

$file_name = mysql_real_escape_string($_FILES['file']['name']);
$file_ext = strtolower(end(explode('.',$file_name)));
$file_tmp = $_FILES['file']['tmp_name'];


if (in_array($file_ext, $allowed_ext) ===false){
$errors[] = 'File extension not allowed';

if(empty($_POST['expiry'])) {
$expiry = time() + (10 * 60);
} else {

if(!ctype_digit($_POST['expiry'])) {
echo("Value is not an integer.");
} else {
$expiry = time() + ($_POST['expiry'] * 60);
}
}


}


if (empty($errors)) {


mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}', {$expiry})");

move_uploaded_file($_FILES['file']['tmp_name'], "assets/files/{$_FILES['file']['name']}");

echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";


} else {
foreach ($errors as $error){
echo $error,'<br /><br />';

}

}

}
?>
<div>
<form action="" method="post" enctype="multipart/form-data">
<table>

<tr>
<td><b>Set Expiry Time:</b> <input type="text" name="expiry" size="6" /> <b>Minutes Only</b></td>
</tr>

<tr>
<td><b>Choose a file:</b> <input type="file" name="file" /></td>
</tr>

<tr>
<td><input type="submit" value="Upload!" /></td>
</tr>

<tr>
<td><p><a href="file_list.php">Click here</a> to download your time sensitive file, or files.</p></td>
</tr>

</table>
</form>
</div>
</body>
</html>
[/syntax]
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

Temor wrote:You shouldn't just paste the code in there. You have doubles now!

[syntax=php]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Upload a File</title>
<style type="text/css">
table {
border-collapse:collapse;
}

table, td, th {
border:1px solid #999;
height:43px;
}
</style>
</head>
<body>
<?php

include('assets/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){
$errors = array();
$allowed_ext = array("mp3","doc","txt","jpg","jpeg","gif","png");

$file_name = $_FILES['file']['name'];
$file_ext = strtolower(end(explode('.',$file_name)));
$file_tmp = $_FILES['file']['tmp_name'];


if (in_array($file_ext, $allowed_ext) ===false){
$errors[] = 'File extension not allowed';


}


if (empty($errors)) {

if (isset($_POST['expiry'], $_FILES['file'])){ // This if statement is identical to the one a few lines above. Merge them!

$file_name = mysql_real_escape_string($_FILES['file']['name']); // You're already doing this, but without mysql_real_escape_string, again, a few lines up.

}

if(empty($_POST['expiry'])) { // Checks to see if $_POST['expiry'] is empty. // This entire block should be put in the first if statement.

$expiry = time() + (10 * 60); // Is empty. Set expiry time to 10 minutes ( 10 * 60 seconds ).
} else {

// Is not empty.

if(!ctype_digit($_POST['expiry'])) { // Check if value is actually an Integer.

echo("Value is not an integer."); //Value is not an integer. Throw an error.

} else {

// Value is an integer.

$expiry = time() + ($_POST['expiry'] * 60); // User sets the expiry time.

}
}

mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}', {$expiry})");

move_uploaded_file($_FILES['file']['tmp_name'], "assets/files/{$_FILES['file']['name']}");

echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";


} else {
foreach ($errors as $error){
echo $error,'<br /><br />';

}

}

}
?>
<div>
<form action="" method="post" enctype="multipart/form-data">
<table>

<tr>
<td><b>Set Expiry Time:</b> <input type="text" name="expiry" size="6" /> <b>Minutes Only</b></td>
</tr>

<tr>
<td><b>Choose a file:</b> <input type="file" name="file" /></td>
</tr>

<tr>
<td><input type="submit" value="Upload!" /></td>
</tr>

<tr>
<td><p><a href="file_list.php">Click here</a> to download your time sensitive file, or files.</p></td>
</tr>

</table>
</form>
</div>
</body>
</html>
[/syntax]

I swapped things around for you... This should now work:

[syntax=php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Upload a File</title>
<style type="text/css">
table {
border-collapse:collapse;
}

table, td, th {
border:1px solid #999;
height:43px;
}
</style>
</head>
<body>
<?php

include('assets/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){
$errors = array();
$allowed_ext = array("mp3","doc","txt","jpg","jpeg","gif","png");

$file_name = mysql_real_escape_string($_FILES['file']['name']);
$file_ext = strtolower(end(explode('.',$file_name)));
$file_tmp = $_FILES['file']['tmp_name'];


if (in_array($file_ext, $allowed_ext) ===false){
$errors[] = 'File extension not allowed';

if(empty($_POST['expiry'])) {
$expiry = time() + (10 * 60);
} else {

if(!ctype_digit($_POST['expiry'])) {
echo("Value is not an integer.");
} else {
$expiry = time() + ($_POST['expiry'] * 60);
}
}


}


if (empty($errors)) {


mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}', {$expiry})");

move_uploaded_file($_FILES['file']['tmp_name'], "assets/files/{$_FILES['file']['name']}");

echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";


} else {
foreach ($errors as $error){
echo $error,'<br /><br />';

}

}

}
?>
<div>
<form action="" method="post" enctype="multipart/form-data">
<table>

<tr>
<td><b>Set Expiry Time:</b> <input type="text" name="expiry" size="6" /> <b>Minutes Only</b></td>
</tr>

<tr>
<td><b>Choose a file:</b> <input type="file" name="file" /></td>
</tr>

<tr>
<td><input type="submit" value="Upload!" /></td>
</tr>

<tr>
<td><p><a href="file_list.php">Click here</a> to download your time sensitive file, or files.</p></td>
</tr>

</table>
</form>
</div>
</body>
</html>
[/syntax]


Note to self don't code when half asleep lol... Code works but the files ain't showing on the file_list.php page.
ScTech
Posts: 92
Joined: Sat Aug 24, 2013 8:40 pm

Re: Temporary link Download

Post by ScTech »

One small problem. Where it is validating with ctype_digit, you are using echo which won't stop it from continuing. You should set that as $errors instead of echoing it.

Have you edited file_list.php since? What does the database show when you leave it blank and when you insert a number?
<?php while(!$succeed = try()); ?>
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

ScTech wrote:One small problem. Where it is validating with ctype_digit, you are using echo which won't stop it from continuing. You should set that as $errors instead of echoing it.

Have you edited file_list.php since? What does the database show when you leave it blank and when you insert a number?


No, I haven't edited the file_list.php page at all. I've changed the error message, it's now set as $errors[] = 'Value is not an integer.'; instead of echoing. When I upload a file it uploads to the files folder but it isn't inserting the info into the mysql database table.
ScTech
Posts: 92
Joined: Sat Aug 24, 2013 8:40 pm

Re: Temporary link Download

Post by ScTech »

You're missing apostrophes around $expiry in your query on upload.php
<?php while(!$succeed = try()); ?>
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

ScTech wrote:You're missing apostrophes around $expiry in your query on upload.php


Files are now showing in the file_list.php, but I can't download the file as it's set the date and time to the following: 01/01/1970 00:00:00
ScTech
Posts: 92
Joined: Sat Aug 24, 2013 8:40 pm

Re: Temporary link Download

Post by ScTech »

Please post file_list.php in case there's a difference. Also, what are the expiry values in the database both when you don't insert a number, and when you do.
<?php while(!$succeed = try()); ?>
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

ScTech wrote:Please post file_list.php in case there's a difference. Also, what are the expiry values in the database both when you don't insert a number, and when you do.


[syntax=php]
<?php

include('assets/inc/init.inc.php');

$files = mysql_query("SELECT file_id, file_name, file_expiry FROM files");

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>File List</title>
</head>
<style type="text/css">
table { border-collapse:collapse; width:600px; }
td, th {border: solid 1px #999; padding: 4px;}
</style>
<body>
<table>
<tr>
<th>File Name:</th>
<th>Expiry:</th>

</tr>

<?php

while(($row = mysql_fetch_assoc($files))!==false ){
?>
<tr>
<td><a href="download.php?file_id=<?php echo $row['file_id'] ?>"><?php echo $row['file_name']; ?></a></td>
<td><?php echo date('d/m/Y H:i:s', $row['file_expiry']); ?></td>

</tr>

<?php
}
?>
</table>
</body>
</html>
[/syntax]

When you insert data the expiry time shows as 0 and when you upload a file from the upload.php page the time and date are set as 01/01/1970 00:00:00. P.S. file_expiry is set to an int with a value of 10 in the mysql database.
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Temporary link Download

Post by Temor »

Could you post all the code you have now, so I can get an overview?
davestechuk
Posts: 26
Joined: Tue Jul 23, 2013 2:29 am

Re: Temporary link Download

Post by davestechuk »

Temor wrote:Could you post all the code you have now, so I can get an overview?


File Name: init.inc.php
[syntax=php]
<?php
mysql_connect('localhost','username','password');
mysql_select_db('database');
?>
[/syntax]

File Name: upload.php
[syntax=php]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Upload a File</title>
<style type="text/css">
table {
border-collapse:collapse;
}

table, td, th {
border:1px solid #999;
height:43px;
}
</style>
</head>
<body>
<?php

include('assets/inc/init.inc.php');

if (isset($_POST['expiry'], $_FILES['file'])){
$errors = array();
$allowed_ext = array("mp3","doc","txt","jpg","jpeg","gif","png");

$file_name = mysql_real_escape_string($_FILES['file']['name']);
$file_ext = strtolower(end(explode('.',$file_name)));
$file_tmp = $_FILES['file']['tmp_name'];


if (in_array($file_ext, $allowed_ext) ===false){
$errors[] = 'File extension not allowed';

if(empty($_POST['expiry'])) {
$expiry = time() + (10 * 60);
} else {

if(!ctype_digit($_POST['expiry'])) {
$errors[] = 'Value is not an integer.';
} else {

$expiry = time() + ($_POST['expiry'] * 60);

}
}


}


if (empty($errors)) {


mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}','{$expiry}')");

move_uploaded_file($_FILES['file']['tmp_name'], "assets/files/{$_FILES['file']['name']}");

echo "<p>". htmlentities($_FILES['file']['name']) ." has been successfully uploaded.</p>";


} else {
foreach ($errors as $error){
echo $error,'<br /><br />';

}

}

}
?>
<div>
<form action="" method="post" enctype="multipart/form-data">
<table>

<tr>
<td><b>Set Expiry Time:</b> <input type="text" name="expiry" size="6" /> <b>Minutes Only</b></td>
</tr>

<tr>
<td><b>Choose a file:</b> <input type="file" name="file" /></td>
</tr>

<tr>
<td><input type="submit" value="Upload!" /></td>
</tr>

<tr>
<td><p><a href="file_list.php">Click here</a> to download your time sensitive file, or files.</p></td>
</tr>

</table>
</form>
</div>
</body>
</html>
[/syntax]

File Name: file_list.php
[syntax=php]
<?php

include('assets/inc/init.inc.php');

$files = mysql_query("SELECT file_id, file_name, file_expiry FROM files");

?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>File List</title>
</head>
<style type="text/css">
table { border-collapse:collapse; width:600px; }
td, th {border: solid 1px #999; padding: 4px;}
</style>
<body>
<table>
<tr>
<th>File Name:</th>
<th>Expiry:</th>

</tr>

<?php

while(($row = mysql_fetch_assoc($files))!==false ){
?>
<tr>
<td><a href="download.php?file_id=<?php echo $row['file_id'] ?>"><?php echo $row['file_name']; ?></a></td>
<td><?php echo date('d/m/Y H:i:s', $row['file_expiry']); ?></td>

</tr>

<?php
}
?>
</table>
</body>
</html>
[/syntax]

File Name: download.php
[syntax=php]
<?php

include('assets/inc/init.inc.php');

if (isset($_GET['file_id'])){
$file_id = (int)$_GET['file_id'];


$files = mysql_query("SELECT file_name, file_expiry FROM files WHERE file_id={$file_id}");

if (mysql_num_rows($files) !=1){

echo "Invalid File ID";
}else{

$row = mysql_fetch_assoc($files);

if($row['file_expiry'] < time())
{
echo "This file has now expired. Please contact the administrator for more details.";
}
else
{
$path = "assets/files/{$row['file_name']}";
header("Content-Type: application/octet-stream");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"{$row['file_name']}\"");
header("Content-Length: ". filesize($path));
readfile($path);
}
}
}
?>
[/syntax]

File Name: files.sql
[syntax=php]
CREATE TABLE IF NOT EXISTS `files` (
`file_id` int(6) NOT NULL AUTO_INCREMENT,
`file_name` varchar(255) NOT NULL,
`file_expiry` int(10) NOT NULL,
PRIMARY KEY (`file_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
[/syntax]
ScTech
Posts: 92
Joined: Sat Aug 24, 2013 8:40 pm

Re: Temporary link Download

Post by ScTech »

Weird. Tested to make sure $expiry worked and it displays the correct time for me. And you said that file_expiry column is showing a 0, but only when you insert a number?
<?php while(!$succeed = try()); ?>
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Temporary link Download

Post by Temor »

What happens if you remove the quotes around $expiry in your upload query?
[syntax=php] mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}','{$expiry}')");[/syntax]
[syntax=php] mysql_query("INSERT INTO files (file_name, file_expiry) VALUES ('{$file_name}',{$expiry})");[/syntax]

It is, after all, an integer, and should be treated as such. Maybe SQL thinks you're trying to insert a string and defaults to 0.
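
Added example (not part of any post above, and not the posters' code): the advice given in this thread combined into one upload check. The 10-minute default, the `ctype_digit()` validation, the extension whitelist and the `$errors` array come from the thread; the function names, the `MAX_EXPIRY_MINUTES` cap and the in-memory SQLite table (a stand-in for the MySQL `files` table, requires `pdo_sqlite`) are assumptions. It goes one step beyond the posts by binding the expiry as an integer through PDO, and it runs the two checks independently, unlike the last upload.php above where the expiry block sits inside the extension-failure branch.

```php
<?php
// Added example, not code from the thread. Function names, MAX_EXPIRY_MINUTES and
// the in-memory SQLite table (stand-in for the MySQL `files` table) are assumptions.

const DEFAULT_EXPIRY_MINUTES = 10;    // default asked for in the first post
const MAX_EXPIRY_MINUTES     = 1440;  // assumed upper bound (one day)
const ALLOWED_EXT = ['mp3', 'doc', 'txt', 'jpg', 'jpeg', 'gif', 'png']; // whitelist from the thread

// Convert the raw "expiry" field into a Unix timestamp, or record an error and return null.
function resolve_expiry($raw, int $now, array &$errors): ?int
{
    $raw = is_string($raw) ? trim($raw) : null;  // arrays / missing field are not valid input
    if ($raw === '') {                           // blank field: apply the default
        return $now + DEFAULT_EXPIRY_MINUTES * 60;
    }
    // ctype_digit() accepts only 0-9; the length cap keeps the value inside integer range.
    if ($raw === null || !ctype_digit($raw) || strlen($raw) > 5) {
        $errors[] = 'Expiry must be a whole number of minutes.';
        return null;
    }
    $minutes = (int) $raw;
    if ($minutes < 1 || $minutes > MAX_EXPIRY_MINUTES) {
        $errors[] = 'Expiry must be between 1 and ' . MAX_EXPIRY_MINUTES . ' minutes.';
        return null;
    }
    return $now + $minutes * 60;
}

// Return the lower-cased extension if it is on the whitelist, otherwise record an error.
function check_extension(string $clientName, array &$errors): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        $errors[] = 'File extension not allowed.';
        return null;
    }
    return $ext;
}

// Run both checks independently so a failure in one never skips the other;
// the caller stores nothing unless 'errors' is empty.
function validate_upload(array $post, string $clientName, int $now): array
{
    $errors = [];
    $ext    = check_extension($clientName, $errors);
    $expiry = resolve_expiry($post['expiry'] ?? null, $now, $errors);
    return ['errors' => $errors, 'ext' => $ext, 'expiry' => $expiry];
}

// The mysql_* functions were removed in PHP 7, so this demo uses PDO with bound parameters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (file_id INTEGER PRIMARY KEY AUTOINCREMENT,
                               file_name TEXT NOT NULL, file_expiry INTEGER NOT NULL)');
$insert = $db->prepare('INSERT INTO files (file_name, file_expiry) VALUES (:name, :expiry)');

// Constructed sample submissions: [expiry field, client-supplied file name].
$samples = [
    ['',    'notes.txt'],
    ['30',  'photo.JPG'],
    ['abc', 'song.mp3'],
    ['5',   'page.php'],
    ['15',  '<b>report</b>.doc'],
];

$now = time();
foreach ($samples as [$field, $name]) {
    $result = validate_upload(['expiry' => $field], $name, $now);
    $shown  = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');   // escape before echoing into HTML
    if ($result['errors']) {
        echo $shown, ': ', implode(' ', $result['errors']), PHP_EOL;
        continue;                                             // no insert, no move_uploaded_file()
    }
    $insert->bindValue(':name', $name, PDO::PARAM_STR);       // bound, so no manual escaping
    $insert->bindValue(':expiry', $result['expiry'], PDO::PARAM_INT); // stored as an integer
    $insert->execute();
    echo $shown, ' expires ', date('d/m/Y H:i:s', $result['expiry']), PHP_EOL;
}
```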