Merge function into main download page

General PHP Help
#1

I’d like to merge the following function into my main download page but can’t figure out how to do it. I’ve modified the main download page to do the actual downloads but how to manage making the database entries for each download is the problem. I guess I could use a case statement at the end of download.php to set $l_filename then run the pdo sql code.

mydownloader.php - Currently located in download directory

<?php

$php_scripts = '../../php/';
require $php_scripts . 'PDO_Connection_Select.php';
require $php_scripts . 'GetUserIpAddr.php';
function mydloader($l_filename=NULL)

{
$ip = GetUserIpAddr();
if (!$pdo = PDOConnect("foxclone_data"))
{    
    exit;
}
        $ext = pathinfo($l_filename, PATHINFO_EXTENSION);
        $stmt = $pdo->prepare("INSERT INTO download (address, filename,ip_address) VALUES (?, ?, inet_aton('$ip'))");
        $stmt->execute([$ip, $ext]) ; 

        $test = $pdo->query("SELECT lookup.id FROM lookup WHERE inet_aton('$ip') >= lookup.ipstart AND inet_aton('$ip') <= lookup.ipend");
        $ref = $test->fetchColumn();
        $ref = intval($ref);

        $stmt = $pdo->prepare("UPDATE download SET lookup_id = '$ref' WHERE address = '$ip'");
        $stmt->execute() ;         
      }
        
    else {
        echo "isset failed";
        }  
}
mydloader($_GET["f"]);
exit;

download.php - Currently located in public_html directory of website

  <?PHP require_once("header.php"); ?>
</head>
 <body>
  <?PHP require_once("navbar.php"); ?>

<!--==================================================================== 
                              Download
 =======================================================================-->
<?php
$php_scripts = '../php/';
require $php_scripts . 'PDO_Connection_Select.php';

if (!$pdo = PDOConnect("foxclone_data"))
{    
    exit;
}
   $test = $pdo->query("SELECT filename FROM files WHERE id =1");
   $isoname = $test->fetchColumn();
    
   $test = $pdo->query("SELECT md5 FROM files WHERE id =1");
   $md5file = $test->fetchColumn();

   $test = $pdo->query("SELECT filename FROM files WHERE id =2");
   $pdfname = $test->fetchColumn();

   $test = $pdo->query("SELECT filename FROM files WHERE id =3");
   $debname = $test->fetchColumn();

   $test = $pdo->query("SELECT md5 FROM files WHERE id =3");
   $debmd5 = $test->fetchColumn();

   $test = $pdo->query("SELECT filename FROM files WHERE id =4");
   $srcname = $test->fetchColumn();

   $test = $pdo->query("SELECT md5 FROM files WHERE id =4");
   $srcmd5 = $test->fetchColumn();

   $test = $pdo->query("SELECT filename FROM files WHERE id =5"); 
   $debfile = $test->fetchColumn();
?>

  <div class="head__h1">FoxClone Download Page</div>
    <div class ="download">
          <div class="down__row">
         <div class="down__column" style="background-color:#ddd;">
                <div class="part__head">Get the "<?php echo "{$isoname}";?>"  file (approx. 660MB)</div><br>
                      <a href="download/{$isoname}";?>"><center><img src="images/download.png" style="height:44px; width:144px;"  alt="download iso"> </center></a> <br />                 
            <div class="part__head">The MD5sum is:  <?php echo "{$md5file}";?> </div> <br/>
            
                          <hr>                                           
               <div class="part__head">Read or Download the Installation and Use Instructions </div><br>
               <a href="<?php echo "download/{$pdfname}";?>"><center><img src="images/download.png" style="height:44px; width:144px;" alt="download manual"></center></a><br>                          
                         <hr>
               <div class="part__head">How To Install To A USB/CD</div>
                 <div class="down__text">1. Download the iso file <br />
                                2.<span class="tab">a. If burning to a USB stick use the USB image writer that comes with your distribution. </span> <br />
                     <span class="tab3">b. If burning to a CD, there are many Linux utilities, xfburn is one of the simplest. Install from your software 
manager/centre if not installed.</span>
                 </div>
               
                      <hr>
               <div class="part__head">How To Boot The USB/CD</div>
                 <div class="down__text">At the manufacturer’s splash screen, press the key to get into the boot menu. This key varies across PCs, as an example for a Lenovo Thinkpad it is F12. Consult your user manual to find out what the key is or google. Do not confuse the boot menu with the boot priority order       settings in BIOS. The boot menu is a one time selection for the device to use to boot the PC. It overrides the normal boot priority order. The next time you boot, the PC will revert to the normal boot order. Virtually all BIOSs support this feature, they just do it differently. 
                 </div>
               </div>
                 
            <div class="down__column" style="background-color:#ddd;">                  
               <div class="part__head">Get the "<?php echo "{$debname}";?>" file (approx. 7MB) </div><br>
                  <a href="download/{$debname}";?>"><center><img src="images/download.png" style="height:44px; width:144px;"  alt="download deb file"> </center></center></a> <br />                 
               <div class="part__head">The MD5sum is:  <?php echo "{$debmd5}";?> </div>
                 <div class="down__redtext"><br>WARNING - FOR EXPERT USE ONLY !!!</div>
                   <div class="down__text"><br>This .deb file is designed to be installed on a large USB drive, typically 
                        1TB or greater, that already has an operating system installed and is intended as a backup drive.<b> For more information <a href="/download/deb_file.pdf" style="color:#ff0099">Click Here.</a></b></h3>
                   </div>      
                          <hr>                                 
               <div class="part__head">Get the "<?php echo "{$srcname}";?>" Source file (approx. 6MB) </div><br>
                 <a href="download/{$srcname}";?>"><center><img src="images/download.png" style="height:44px; width:144px;"  alt=""></center> </a> <br>
               <div class="part__head">The MD5sum is:  <?php echo "{$srcmd5}";?> </div>  
                 <div class="down__text"><br />This contains the files used to build Foxclone itself. It is provided to meet the terms of the GNU General Public License.</div>                            
               </div>
            </div>
          </div>


  <?PHP require_once("footer.php"); ?>

Thanks in advance

#2

Unless you overwrote it with your own method (Bad idea) PDO query does not take parameters.
https://www.php.net/manual/en/pdo.query.php

1 Like
#3

Those pdo queries have been working for almost a year now.

#4

When you learn how to correctly use Prepared Statements you will see the problem. This tutorial will show you how to do it.

https://phpdelusions.net/pdo

#6

Do these look correct to you?

$stmt = $pdo->prepare('SELECT filename FROM files WHERE id =?');
$stmt->execute([1]);
$isoname = $stmt->fetch();

$stmt = $pdo->prepare('SELECT md5 FROM files WHERE id =?');
$stmt->execute([1]);
$md5file = $stmt->fetch();

$stmt = $pdo->prepare('SELECT filename FROM files WHERE id =?');
$stmt->execute([2]);
$pdfname = $stmt->fetch();

$stmt = $pdo->prepare('SELECT filename FROM files WHERE id =?');
$stmt->execute([3]);
$debname = $stmt->fetch();

$stmt = $pdo->prepare('SELECT md5 FROM files WHERE id =?');
$stmt->execute([3]);
$debmd5 = $stmt->fetch();

$stmt = $pdo->prepare('SELECT filename FROM files WHERE id =?');
$stmt->execute([4]);
$srcname = $stmt->fetch();

$stmt = $pdo->prepare('SELECT md5 FROM files WHERE id =?');
$stmt->execute([4]);
$srcmd5 = $stmt->fetch();
#7

Yes, but I don’t get why you are running all these queries. What is the high level overview of what you have going on and the problem you are trying to solve with numerous queries.

#8

The queries are used to fill in file names and md5 on the the displayed page and to download the file based on filename. You can see it at https://foxclone.com and click on Downloads. All filenames and md5 on that page are retrieved thru those queries.

#9

Wouldnt it be more efficient to get all that data returned in just ONE query?

and then loop through or extract that data you need?

Something like this perhaps?

<?		
	
	$tableName = 'files';
	$downloadDetails_sql = "SELECT * FROM $tableName";
	$downloadDetails_stmt = $conn->prepare($downloadDetails_sql);
	$downloadDetails_stmt->execute();
	$downloadDetails_stmt->setFetchMode(PDO::FETCH_ASSOC);	

	$downloads = $downloadDetails_stmt->fetchAll();
	$rowcount = $downloadDetails_stmt->rowCount();	
			
	for($i=0; $i<$rowcount; $i++){
		echo 'ID: ' . $downloads[$i]['id'] . '<br>';
		echo 'File Name: ' . $downloads[$i]['filename'] . '<br>';
		echo 'MD5: ' . $downloads[$i]['md5'] . '<br><br>';
	}
	
?>
#10

Yes, it’s simple that way but I don’t know how I’d use it in this part of the same php file:

  <div class="head__h1">FoxClone Download Page</div>
    <div class ="download">
		  <div class="down__row">
         <div class="down__column" style="background-color:#ddd;">
		        <div class="part__head">Get the "<?php echo "{$isoname}";?>"  file (approx. 660MB)</div><br>
					  <a href="download/mydloader.php?f=<?php echo $isoname;?>"><center><img src="images/download.png" style="height:44px; width:144px;"  alt="download iso"> </center></a> <br />                 
            <div class="part__head">The MD5sum is:  <?php echo "{$md5file}";?> </div> <br/>
            
                          <hr>                                           
               <div class="part__head">Read or Download the Installation and Use Instructions </div><br>
               <a href="<?php echo "download/{$pdfname}";?>"><center><img src="images/download.png" style="height:44px; width:144px;" alt="download manual"></center></a><br> 						 
						 <hr>
               <div class="part__head">How To Install To A USB/CD</div>
                 <div class="down__text">1. Download the iso file <br />
                                2.<span class="tab">a. If burning to a USB stick use the USB image writer that comes with your distribution. </span> <br />
                     <span class="tab3">b. If burning to a CD, there are many Linux utilities, xfburn is one of the simplest. Install from your software 
manager/centre if not installed.</span>
                 </div>
               
                        <hr>
               <div class="part__head">How To Boot The USB/CD</div>
                 <div class="down__text">At the manufacturer’s splash screen, press the key to get into the boot menu. This key varies across PCs, as an example for a Lenovo Thinkpad it is F12. Consult your user manual to find out what the key is or google. Do not confuse the boot menu with the boot priority order       settings in BIOS. The boot menu is a one time selection for the device to use to boot the PC. It overrides the normal boot priority order. The next time you boot, the PC will revert to the normal boot order. Virtually all BIOSs support this feature, they just do it differently. 
                 </div>
               </div>
                 
            <div class="down__column" style="background-color:#ddd;">                  
               <div class="part__head">Get the "<?php echo "{$debname}";?>" file (approx. 7MB) </div><br>
                  <a href="download/mydloader.php?f=<?php echo $debname;?>"><center><img src="images/download.png" style="height:44px; width:144px;"  alt="download deb file"> </center></center></a> <br />                 
               <div class="part__head">The MD5sum is:  <?php echo "{$debmd5}";?> </div>
                 <div class="down__redtext"><br>WARNING - FOR EXPERT USE ONLY !!!</div>
                   <div class="down__text"><br>This .deb file is designed to be installed on a large USB drive, typically 
                        1TB or greater, that already has an operating system installed and is intended as a backup drive.<b> For more information <a href="/download/deb_file.pdf" style="color:#ff0099">Click Here.</a></b></h3>
                   </div>      
 						 <hr>	 							
               <div class="part__head">Get the "<?php echo "{$srcname}";?>" Source file (approx. 6MB) </div><br>
                 <a href="download/mydloader.php?f=<?php echo $srcname;?>"><center><img src="images/download.png" style="height:44px; width:144px;"  alt=""></center> </a> <br>
               <div class="part__head">The MD5sum is:  <?php echo "{$srcmd5}";?> </div>  
                 <div class="down__text"><br />This contains the files used to build Foxclone itself. It is provided to meet the terms of the GNU General Public License.</div>                            
               </div>
            </div>
          </div>
#11

I recommend that you use the id, rather than the filename as the input to mydloader.php. By using the filename, without any validation, any file on your server can be downloaded, such as the file holding your database connection credentials. By using the id, only those files that exist in the files table can be downloaded.

#12

I have no idea how to code that. I’d have to do the sql queries one way or another, either in the main download code or in the mydloader function.

#13

@phdr - OK, I’ve modified the download.php file to read as follows:
<a href=“download/mydloader.php?f=1>

and added the following to mydloader.php:

$stmt = $pdo->prepare('SELECT filename FROM files WHERE id =?');
$stmt->execute([$id]);
$l_filename = $stmt->fetch();

The question now is how do I use $l_filename in the following:
if( isset( $l_filename ) ) {
<a href= >
to force the download? What I’m trying to do is eliminate the following block of code:

header(‘Content-Type: octet-stream’);
header(“Content-Disposition: attachment; filename={$l_filename}”);
header(‘Pragma: no-cache’);
header(‘Expires: 0’);
readfile($l_filename);

Thanks in advance

Sponsor our Newsletter | Privacy Policy | Terms of Service