Need help creating zip file with PHP

Hi,

I have created an event site which has an image uploader which creates a directory for the images for each event. Admin users then need to be able to log in to the back end and download these events as zip files. So, basically, I need to know how to create a zip file from a directory.

The images are already in there, I just need to know how to create www.domain.com/event-images.zip from www.domain.com/event-images.

Any help is greatly appreciated

Thanks


$zip = new ZipArchive();
foreach ($images as $image)
{
    $zip->addFile($image)
}

if you have shell access you can use shell_exec() to zip the file.


shell_exec('zip -r /home/path/to/save/zip/at/zip-file-name.zip /home/path/of/folder/to/zip/')

This code would zip the entire folder and save it at a location (specified by you)

Of course if you don’t have shell access this is of no help. Also you should consider the security implications before using this function.

Such as?

Well, not sure the full extent, I’m definitely no security guru. Mainly that you don’t want to take any un-clean user input and run it through shell_exec(). Also you should recognize that shell_exec() is a very powerful function and if used incorrectly you could do some major damage to your server.

Also, depending on what user you are using with shell_exec to login to your server you essentially have that users login info stored in a php file. Should php cease to function on your server for whatever reason this file could be served in a text format exposing your login to the world (well, really anyone who happens upon this page while php is down). Also anyone who has ftp access to your server could download the php file and see your login creds.

My point was that this function should be used with care and that you should know what it is capable of before using or playing around with it. Maybe I didn’t quite word it properly in my first post.

That would only be a problem if the user wrote the command, but the user isn’t. In this case, shell_exec() is no more insecure than letting the user edit your PHP.

Also you should recognize that shell_exec() is a very powerful function and if used incorrectly you could do some major damage to your server.

No it can’t. Not when run with PHP’s permission level.

Also, depending on what user you are using with shell_exec to login to your server you essentially have that users login info stored in a php file. Should php cease to function on your server for whatever reason this file could be served in a text format exposing your login to the world (well, really anyone who happens upon this page while php is down). Also anyone who has ftp access to your server could download the php file and see your login creds.

This is just plain wrong.

Thanks AlienDev,

How do I specify where on the server to store the zip file?