I'm trying to create download buttons so that users can download pdf-files on the click of a button. I have this:
<?php
session_start(); // Alltid överst på sidan
if(!isset($_SESSION['sess_id']) OR $_SESSION['sess_id'] < 1){
die("Skapa ett konto som investerare för att enkelt få tillgång till affärsplaner!");
}else if(is_numeric($_SESSION['sess_id'])) {
/* kolla om användaren försöker ange filer i en annan mapp */
if(substr_count($_GET['file'], "/") > 0){
die("Invalid path"); }
/* skapa fullständig sökväg till filen */
$file = '/server/php/files/' . $_GET['file'];
/* kolla om filen finns */
if(!file_exists($file))
{
die("Invalid filename");
}
and it's giving me a "Invalidfile name" message..
however,
When I echo $file; and copy the path to my browser(+localhost in front) it serves me the download dialogue that I'm looking for. Any ideas on what I'm doing wrong?
output of echo $file
/server/php/files/roibay-business-plan.pdf
and "server" is a folder in my root folder.
I've set up localhost with mamp and I've created an alias which is lab.local and so the filepath I'm talking about is: lab.local/server/php/files/somefile.pdf and when I enter that into the webbrowser the dialogue pops up but file_exists does not validate that path
That means that the server directory is not your root. Try this:
file_exists($_SERVER{'DOCUMENT_ROOT'} . "/server/php/files/roibay-business-plan.pdf"))