Home/ Questions/Q 8937433
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T10:24:51+00:00

Whenever I use this script to download a file, I can’t see the total

  • 0

Whenever I use this script to download a file, I can’t see the total size and the speed while downloading… I want to to make it look more like the ‘direct download link’. The purpose of this script is to hide the direct download link restrict direct downloading and other download behavior, like bots. Think of mediafire, rapidshare, megaupload etc.

The script we have now works but is not displayed as how it is displayed when you download from a normal download link, I will post a screenshot of what’s happening:
enter image description here

I hope this screenshot helps, because I’ve searched the internet for hours and can’t seem to find a solution to this :(.

if (isset($_GET['file'])){
   $file = $_GET['file'];
   $path = '/home/user/domains/domain.com/files/upload/';
   $filepath = $path.$file;

   if (file_exists($filepath)){

    set_time_limit(0); // for slow connections

    header('Content-Description: File Transfer');
    header("Content-Disposition: attachment; filename=\"$file\"");
    header('Content-Type: application/octet-stream');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . filesize($filepath));
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Expires: 0');

    readfile($filepath); // send file to client 
   } 
   else{
    header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404); 
   }
  }else{
   header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404); 
  }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is the content being compressed at the server level with mod_deflate or something similar?

    This has been answered here:
    Sending correct file size with PHP download script

    “If you compress files with Zlib, mod_deflate and so on the Content-Length header won’t be accurate so you’ll end up seeing “Unknown size” and “Unknown time remaining” when downloading files.”

    “You can easily disable it for a single script using the following line in an applicable .htaccess file:

    SetEnvIfNoCase Request_URI ^/download.php no-gzip dont-vary
    where download.php is here assumed to be in the download script located in the server’s root directory path (e.g. http://www.crimsonbase.com/download.php). (That’s because the regular expression is ^/download.php.)”

    Also, please note that your script is insecure. Someone could effectively send the following get parameter for _GET[‘file’]

    ../../../../../Documents/MyStuff

    and it will override your $path restriction entirely.

    Suggest stripping out any .. references in the path.

    • 0