PHP文件下载停止

时间:2012-11-09 04:01:52

标签: php download

我正在编写一个经过许可验证的基本PHP下载脚本。目标文件大约50MB,适用于某些人。其他人无法完成它,有时重试它有效。

这是脚本:

$method = $_GET['method'];
    if($method == "webdownload") {
        $airlineid = $_GET['airline'];

        $sql = "SELECT * FROM airlines WHERE airlineid='$airlineid'";   
        $result = mysql_query($sql) or die(mysql_error());
        $row = mysql_fetch_array($result);
        if($row['licensekey'] == "")
            die("Invalid airline id");

        $filename = $row['code'].'_installer.exe';
        $file_path = '../resources/application/files/'.$row['airlineid'].'/'.$row['clientversion'].'/application_installer.exe';
        if($row['licensestate'] != "OK")
            die("The license associated with this downloaded has been deauthorized.");

        if(!is_file($file_path))
            die("The file associated with this version for this airline appears to be invalid.");
        //download code here - it runs once only, if refreshed it will not allow it.                

        header('Content-type: application/exe');
        header("Content-Disposition: attachment; filename=".$filename);
        header("Content-Length: ".filesize($file_path));
        header("Content-Transfer-Encoding: binary");    

        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');   

        //header('X-Sendfile: '.$file_path); I tried this - it had no effect and I want the portability.

        $file = @fopen($file_path,"rb");
        while(!feof($file)) {           
            $buffer = fread($file, 1024 * 8);
            print($buffer);
            flush();            
        }
        close($file);       
    }

编辑:根据建议,我发现该脚本非常容易受到SQL注入攻击。我已经使用这个函数替换了直接变量SQL表达式:

        function secure_string($raw) {
    $sid = strtolower($raw);
    $sid = str_replace("'","_SINGLE_QUOTE", $sid);
    $sid = str_replace('"','_DOUBLE_QUOTE', $sid);


    $cmd[0] = "insert";
    $cmd[1] = "select";
    $cmd[2] = "union";
    $cmd[3] = "delete";
    $cmd[4] = "modify";
    $cmd[5] = "replace";
    $cmd[6] = "update";
    $cmd[7] = "create";
    $cmd[8] = "alter";


    for($index = 0; $index <= 8; $index++) {
        $sid = str_replace($cmd[$index],"_SQL_COMMAND", $sid);
    }

    return $sid;        
}

这足以阻止SQL注入吗?

EDIT2:我已将此功能与PDO准备功能结合使用以消除此漏洞。感谢100x让我学习本课而不会带来灾难性的后果。

1 个答案:

答案 0 :(得分:0)

readfile()是一个将整个文件一次性放入缓冲区的函数。可能会阻止PHP超时。使用它而不是底部的fopen()print()循环。

另一种解决方案是查看您的服务器是否有mod_x_sendfile,因为这会将PHP下载到apache内部。

编辑:我注意到你说你尝试过sendfile。如果能让它发挥作用,可能是更好的选择。

相关问题
最新问题