i have a problem here is my script for downloading a file but i receive "invalid request" message.............................................. why???
$file = 'var/www/html/share/files/'.$_GET['filename'];
if (is_readable ($file)) {
$fsize = $row[size];
$path_parts = pathinfo($file);
$ext = strtolower($path_parts["extension"]);
$ctype="video/".$ext;
header("Content-type: ".$ctype);
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\"");
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
readfile($file);
exit;
} else {
die("Invalid request");
}
You receive that message because the code you wrote displays that message.
Apparently, this results in a false value:
if (is_readable ($file))
You're setting the value of $file here:
$file = 'var/www/html/share/files/'.$_GET['filename'];
It's very likely that you meant to prepend that with a root folder:
$file = '/var/www/html/share/files/'.$_GET['filename'];
Otherwise you're looking for the file in a folder called var relative to the current folder, which is unlikely.
Also, note that what you're doing is very bad practice. With this code any user can request any file from your computer. For example, what if filename in the GET request is this:
../../../../../etc/passwd