SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Wizard Zaggs's Avatar
    Join Date
    Feb 2005
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Using PHP to download software

    Hi Guys,

    I am creating an auto upgrade script for an application that I have written.

    The key to the upgrade script is having a function that will automatically download a ZIP file to the public_html directory on the users server.

    How can I do this using PHP? I would also like to do it without using functions that require special permissions such as exec().

    Please help

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    copy()

  3. #3
    SitePoint Wizard Zaggs's Avatar
    Join Date
    Feb 2005
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by crmalibu View Post
    copy()
    I didn't realise that copy() supported urls - okay that's working.

    Now, for my next question;

    What is the best way to keep a zip file safe on a server? For example, I only want my PHP script to be able to download the ZIP file. I do not want any third party users downloading the ZIP in their browser or creating third party scripts to download the ZIP.

    How can I achieve this?

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2002
    Location
    Bristol, UK
    Posts
    2,240
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Store it outside of the web root and use readfile() to send it to the script. The readfile() function can come after whatever logic you want to use to authenticate your script, such as the inclusion of a secret key with the request.

    Edit: or if you can't store it outside web root, put it in a .htpasswd protected folder.

  5. #5
    SitePoint Wizard Zaggs's Avatar
    Join Date
    Feb 2005
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SJH View Post
    Store it outside of the web root and use readfile() to send it to the script. The readfile() function can come after whatever logic you want to use to authenticate your script, such as the inclusion of a secret key with the request.

    Edit: or if you can't store it outside web root, put it in a .htpasswd protected folder.
    I can't store it outside web root as the PHP script will be located on a different server from the ZIP file. So the best option would be to use .htpasswd protected folder?

  6. #6
    SitePoint Wizard
    Join Date
    Mar 2002
    Location
    Bristol, UK
    Posts
    2,240
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, no. I don't think I explained my idea very well in my last post, so I apologise for that.

    What I meant was, you put a PHP script on the same server as the ZIP file. The PHP script acts as the interface for the ZIP file, in other words, it decides using some arbitrary authentication logic whether the request is a valid one and whether it wants to serve the ZIP file or not. This PHP script can then use the readfile() function to output the file. If you were feeling clever you could even use mod_rewrite to disguise the PHP script as a ZIP file, but that's another topic for another day...

    The PHP script on the other server (PHP script #2) would then need to send a request to PHP script #1, sending whatever authentication data the script requires to return the ZIP file.

    Are you with me?

  7. #7
    SitePoint Wizard Zaggs's Avatar
    Join Date
    Feb 2005
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SJH View Post
    Well, no. I don't think I explained my idea very well in my last post, so I apologise for that.

    What I meant was, you put a PHP script on the same server as the ZIP file. The PHP script acts as the interface for the ZIP file, in other words, it decides using some arbitrary authentication logic whether the request is a valid one and whether it wants to serve the ZIP file or not. This PHP script can then use the readfile() function to output the file. If you were feeling clever you could even use mod_rewrite to disguise the PHP script as a ZIP file, but that's another topic for another day...

    The PHP script on the other server (PHP script #2) would then need to send a request to PHP script #1, sending whatever authentication data the script requires to return the ZIP file.

    Are you with me?
    Okay this makes much more sense!

    Do you have any links to articles that will educate me regarding the "arbitrary authentication logic" ? I just want to make this as secure as possible.

    Thanks in advance.

  8. #8
    SitePoint Wizard
    Join Date
    Mar 2002
    Location
    Bristol, UK
    Posts
    2,240
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm afraid I don't have any such links, but I'm happy to provide a couple of pointers.

    The simplest solution would be for PHP Script #1 to require a password to be appended to the request URL. So PHP Script #2 would send a request to http://www.example.com/zipfile.php?password=topsecret. Script #1 would then check the authenticity of the password and then send the file if correct.

    Honestly though, I don't know enough about your situation to be able to say whether this would be suitable or not.

  9. #9
    SitePoint Wizard Zaggs's Avatar
    Join Date
    Feb 2005
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SJH View Post
    I'm afraid I don't have any such links, but I'm happy to provide a couple of pointers.

    The simplest solution would be for PHP Script #1 to require a password to be appended to the request URL. So PHP Script #2 would send a request to http://www.example.com/zipfile.php?password=topsecret. Script #1 would then check the authenticity of the password and then send the file if correct.

    Honestly though, I don't know enough about your situation to be able to say whether this would be suitable or not.
    Okay all of this makes sense. Now the only trouble I am having is how to get PHP script#1 to actually serve the zip file if the password is correct?

  10. #10
    SitePoint Wizard
    Join Date
    Mar 2002
    Location
    Bristol, UK
    Posts
    2,240
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Check out the PHP function readfile()

  11. #11
    SitePoint Wizard Zaggs's Avatar
    Join Date
    Feb 2005
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SJH View Post
    Check out the PHP function readfile()
    Would I use readfile() in script #1 or 2

  12. #12
    SitePoint Wizard
    Join Date
    Mar 2002
    Location
    Bristol, UK
    Posts
    2,240
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In script #1.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •