Error in Downloading the text file

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jyaseen
    New Member
    • Feb 2010
    • 21
    #1

    Error in Downloading the text file

    I used the follwing code to download the text file from my server location.

    my php file to read the following code name is contacts.php
    it is downloading the text file but , this text file includes the script of contacts.php too
    Code:
    $select_group = $_REQUEST[select_group];
/*echo "file name ".	$select_file = $_FILES['frm_file']['name'];*/
	if($select_group == 1){
		$qry_contacts = "select eml_id from tbl_contacts  ";
	}else{
		$qry_contacts = "select eml_id from tbl_contacts where ctc_grp_name = '$select_group'";
	}
	$res_contacts = mysql_query($qry_contacts);
	$ctr_contacts = mysql_num_rows($res_contacts);
	$write_to_file ="";
	for($i=0;$i<$ctr_contacts;$i++){
			if($write_to_file ==""){
					$write_to_file = mysql_result($res_contacts,$i,eml_id);
			}else{
					$write_to_file .= ",".mysql_result($res_contacts,$i,eml_id);
			}
	}	 
//	if($select_file ==""){
		$outputfile = "/location of file/output.txt";
//	}else{
	//	$outputfile = $select_file;	
	//}
	if(!is_writable($outputfile)) {		
		$file_message_flag = true;
		$file_message = "Error in permissions";
	}else{
		$file2 = fopen($outputfile,"w");	
		if(!$file2){			
			$file_message_flag = true;
			$file_message = "Error writing to the output file.\n";			
		}else {
			fwrite($file2,$write_to_file);
			fclose($file2);
			//$file_message_flag = true;
			//$file_message = "E-mail ids Successfully Imported..";
			
			
		}
	}




include("../include/global.php");
$file_value = "output.txt";

define('ALLOWED_REFERRER', '');

// Download folder, i.e. folder where you keep all files for download.
// MUST end with slash (i.e. "/" )
define('BASE_DIR','location to the directory');

// log downloads?  true/false
define('LOG_DOWNLOADS',true);

// log file name
define('LOG_FILE','downloads.log');

// Allowed extensions list in format 'extension' => 'mime type'
// If myme type is set to empty string then script will try to detect mime type 
// itself, which would only work if you have Mimetype or Fileinfo extensions
// installed on server.
$allowed_ext = array (

  // archives
  'zip' => 'application/zip',

  // documents
  'txt' => 'application/txt',
  'pdf' => 'application/pdf',
  'doc' => 'application/msword',
  'xls' => 'application/vnd.ms-excel',
  'ppt' => 'application/vnd.ms-powerpoint',
  
  // executables
  'exe' => 'application/octet-stream',

  // images
  'gif' => 'image/gif',
  'png' => 'image/png',
  'jpg' => 'image/jpeg',
  'jpeg' => 'image/jpeg',

  // audio
  'mp3' => 'audio/mpeg',
  'wav' => 'audio/x-wav',

  // video
  'mpeg' => 'video/mpeg',
  'mpg' => 'video/mpeg',
  'mpe' => 'video/mpeg',
  'mov' => 'video/quicktime',
  'avi' => 'video/x-msvideo'
);



####################################################################
###  DO NOT CHANGE BELOW
####################################################################

// If hotlinking not allowed then make hackers think there are some server problems
if (ALLOWED_REFERRER !== ''
&& (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false)
) {
  die("Internal server error. Please contact system administrator.");
}

// Make sure program execution doesn't time out
// Set maximum script execution time in seconds (0 means no limit)
set_time_limit(0);

if (!isset($file_value) || empty($file_value)) {
  die("Please specify file name for download.");
}

// Get real file name.
// Remove any path info to avoid hacking by adding relative path, etc.
$fname = basename($file_value);

// Check if the file exists
// Check in subfolders too
function find_file ($dirname, $fname, &$file_path) {

  $dir = opendir($dirname);

  while ($file = readdir($dir)) {
    if (empty($file_path) && $file != '.' && $file != '..') {
      if (is_dir($dirname.'/'.$file)) {
        find_file($dirname.'/'.$file, $fname, $file_path);
      }
      else {
        if (file_exists($dirname.'/'.$fname)) {
          $file_path = $dirname.'/'.$fname;
          return;
        }
      }
    }
  }

} // find_file

// get full file path (including subfolders)
$file_path = '';
find_file(BASE_DIR, $fname, $file_path);

if (!is_file($file_path)) {
  die("File does not exist. Make sure you specified correct file name."); 
}

// file size in bytes
$fsize = filesize($file_path); 

// file extension
$fext = strtolower(substr(strrchr($fname,"."),1));

// check if allowed extension
if (!array_key_exists($fext, $allowed_ext)) {
  die("Not allowed file type."); 
}

// get mime type
if ($allowed_ext[$fext] == '') {
  $mtype = '';
  // mime type is not set, get from server settings
  if (function_exists('mime_content_type')) {
    $mtype = mime_content_type($file_path);
  }
  else if (function_exists('finfo_file')) {
    $finfo = finfo_open(FILEINFO_MIME); // return mime type
    $mtype = finfo_file($finfo, $file_path);
    finfo_close($finfo);  
  }
  if ($mtype == '') {
    $mtype = "application/force-download";
  }
}
else {
  // get mime type defined by admin
  $mtype = $allowed_ext[$fext];
}

// Browser will try to save file with this filename, regardless original filename.
// You can override it if needed.

if (!isset($_GET['fc']) || empty($_GET['fc'])) {
  $asfname = $fname;
}
else {
  // remove some bad chars
  $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
  if ($asfname === '') $asfname = 'NoName';
}

// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
//header("Content-Type: application/txt");
header("Content-Disposition: attachment; filename=\"$asfname\"");
//header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);


 
//header("Content-Length: " .filesize($filename));
//readfile(basename($filename));
// download
// @readfile($file_path);
$file = @fopen($file_path,"rb");
if ($file) {
  while(!feof($file)) {
    print(fread($file, 1024*8));
    flush();
    if (connection_status()!=0) {
      @fclose($file);
      die();
    }
  }
  @fclose($file);
}

// log downloads
if (!LOG_DOWNLOADS) die();

$f = @fopen(LOG_FILE, 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname."\n");
  @fclose($f);
}
    I attached the output text file with this
    Tags: None
    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062
      #2
      Hey.

      I don't see a reference to that file anywhere in this code. How exactly are they related?

      I attached the output text file with this
      No you didn't :)

        Comment

        • jyaseen
          New Member
          • Feb 2010
          • 21
          #3
          Originally posted by Atli
          Hey.

          I don't see a reference to that file anywhere in this code. How exactly are they related?


          No you didn't :)
          Can you help me how to attach a text file with this

            Comment

            • jyaseen
              New Member
              • Feb 2010
              • 21
              #4
              Below is the output of my text file - output.txt

              user1@exampl.co m,user2@example .com
              I expect only above email ids, but below script also it displays...

              Code:
              <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html 

xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Contacts</title>
<link 

href="../css/css_rahma.css" type="text/css" rel="stylesheet" />
<link rel="stylesheet" href="assets/style.css" type="text/css" media="all"  />
<script 

language="javascript" type="text/javascript">
	function ajaxFunction(){ 
		var ajaxRequest;
		try{
			ajaxRequest = 

new XMLHttpRequest();	
		}catch(e){
			try{
				ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");	

			
			}catch(e){
				try{
					ajaxRequest = new 

ActiveXObject("Microsoft.XMLHTTP");	
				}catch(e){.................
.......................
              Last edited by Atli; Mar 4 '10, 01:56 PM. Reason: Added [code] tags.

                Comment

                • Atli
                  Recognized Expert Expert
                  • Nov 2006
                  • 5062
                  #5
                  You aren't wrapping the download script in HTML, are you?

                  Anything that is in the page that sends the text file is sent, not just the file itself. To put it differently; the PHP script doesn't send the text file, it is the text file. Anything that is inside it, or is included inside it, will be included in the file you receive.

                    Comment

                    • jyaseen
                      New Member
                      • Feb 2010
                      • 21
                      #6
                      Originally posted by Atli
                      You aren't wrapping the download script in HTML, are you?

                      Anything that is in the page that sends the text file is sent, not just the file itself. To put it differently; the PHP script doesn't send the text file, it is the text file. Anything that is inside it, or is included inside it, will be included in the file you receive.
                      can you give a detailed replay , I don't understand what you mean by 'wrapping the download script in HTML'
                      Attached Files

                        Comment

                        • Atli
                          Recognized Expert Expert
                          • Nov 2006
                          • 5062
                          #7
                          [code=php]<?php
                          header('content-type: text/plain');
                          ?>
                          <html>
                          <head><title>Th is is HTML!</title></head>
                          <body>
                          <?php
                          passthru('mytex tfile.txt');
                          ?>
                          </body>
                          </html>[/code]
                          This is PHP code wrapped in HTML. This would appear as a text-file, but include the HTML. - If you wanted only to get the text from the file, you would need to get rid of the HTML
                          [code=php]<?php
                          header('content-type: text/plain');
                          passthru('mytex tfile.txt');
                          ?>[/code]

                            Comment

                            • jyaseen
                              New Member
                              • Feb 2010
                              • 21
                              #8
                              below is the code executing while pressing the button 'btn_export'
                              output of this script should be - only the selected email ids to download to text file output.txt
                              can you please check any mistake in this code.?
                              Code:
                              if(isset($_REQUEST[btn_export])){  
	$select_group = $_REQUEST[select_group]; // select_group is a list box to select the choice 
	if($select_group == 1){
		$qry_contacts = "select eml_id from tbl_contacts  ";
	}else{
		$qry_contacts = "select eml_id from tbl_contacts where ctc_grp_name = '$select_group'";
	}
	$res_contacts = mysql_query($qry_contacts);
	$ctr_contacts = mysql_num_rows($res_contacts);
	$write_to_file ="";
	for($i=0;$i<$ctr_contacts;$i++){
			if($write_to_file ==""){
					$write_to_file = mysql_result($res_contacts,$i,eml_id);
			}else{
					$write_to_file .= ",".mysql_result($res_contacts,$i,eml_id);
			}
	}	 
//	if($select_file ==""){
		$outputfile = "/path to text file/output.txt";
//	}else{
	//	$outputfile = $select_file;	
	//}
	if(!is_writable($outputfile)) {		
		$file_message_flag = true;
		$file_message = "Permission error ";
	}else{
		$file2 = fopen($outputfile,"w");	
		if(!$file2){			
			$file_message_flag = true;
			$file_message = "Error writing to the output file.\n";			
		}else {
			fwrite($file2,$write_to_file);
			fclose($file2);
			//$file_message_flag = true;
			//$file_message = "E-mail ids Successfully Imported..";
			$file = '/path to text file/output.txt';
			header('Content-type: text/plain');
			header('Content-Length: '.filesize($file));
			header('Content-Disposition: attachment; filename='.$file);
			//readfile($file);
			passthru($file); 
		}
	}
}
                              Last edited by Atli; Mar 6 '10, 07:33 PM. Reason: Use [code] tags when posting code!

                                Comment

                                • Atli
                                  Recognized Expert Expert
                                  • Nov 2006
                                  • 5062
                                  #9
                                  Overall, that code should not output any sort of HTML, only the text file.

                                  There are a couple of things, though, that you may need to fix.
                                  • On lines #38-41 you use a $file variable. I don't see that defined anywhere. Are you sure you don't mean to use the $outputfile variable there?
                                  • When you specify array element names as strings, they should be quoted, just like any other string. (See lines #1 and #2 in your code)
                                    If they are not, PHP will generate a error notice. (Which will be printed as HTML by default.)
                                    [code=php]<?php
                                    // This is WRONG!
                                    $_REQUEST[something]

                                    // It should be like this:
                                    $_REQUEST['something']
                                    ?>[/code]


                                  Also, you should check out SQL Injection and the mysql_real_esca pe_string function. - You should never pass user input directly into a SQL query without verifying that it is in fact the data you are expecting. - Failing to do so may cause problems ranging from your query failing due to invalid syntax, to you losing your entire database.

                                    Comment

                                    Previous template Next
                                    Working...