A Flash Developer Resource Site

Results 1 to 9 of 9

Thread: how to force the open/save download dialog box

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    9

    how to force the open/save download dialog box

    I searched for hours and hours, days on end, hundreds of posts and dozens of websites. All I wanted was to force the open/save dialog box so people could save my files instead of them opening automatically within the browser/plug-in. I found lots of clues and advice and technical jargon, but never found a step-by-step explanation for a dummy.

    Thanks to Musicman, I finally got it working. I take no credit for this, but here is a STEP-BY-STEP explanation for the uninitiated, hopefully saving you many steps and hours of searching. I'm sure this is overly simplistic to those who know what they're doing, but for those of us clueless, it does what I needed it to do and nothing more.

    I happened to settle on using php script to do this because it was the easiest for me to understand, and my website host supports php.

    I opened a simple text editor like Notepad, and typed the following:

    <?
    header ("Content-Type: application/download");
    header ("Content-Disposition: attachment; filename=$yourfile");
    header("Content-Length: " . filesize("$yourfile"));
    $fp = fopen("$yourfile", "r");
    fpassthru($fp);
    ?>

    Now 'Save As...' and call it download.php (make sure it does not put .txt on the end of the filename). The phrase $yourfile is a variable that you'll define in Flash (the next step) as the name of the file you want people to be able to save.

    In your Flash movie, select the instance of your button that is supposed to activate the download procedure, and open the Actions panel. The ActionScript here needs to direct the browser to your download.php file, and set the variable (yourfile) as the filename you wish them to download.

    Mine looks like this:

    on (release) {
    getURL ("download.php?yourfile=samplesong.mp3");
    }

    On releasing the mouse button, the browser goes to download.php, with the variable yourfile set as samplesong.mp3, which is the file I want people to be able to save (yours will be different, of course). The variable gets passed to the php file (called $yourfile) which does the rest.

    The way I have done this, the php file, the file I want downloaded, and my flash files all have to be in the same folder. So upload everything to your webspace folder and test it.

    Apparently you can separate the files into different folders, you just have to specify in your flash and/or php file. For example, if the flash and php files are in your root, but your downloads are in a folder called downloads, you'd replace $yourfile with downloads\$yourfile.

    I am not 100% sure how many platforms/browsers this works for, but I have tested it on Win98, Win98SE, and WinXP with no problems in the following browsers:
    IE6
    Netscape7.2
    Mozilla 4
    SlimBrowser 4.04
    AOL 9.0

    Apparently it is supposed to work with Macintosh browsers, but I have no way to test this. If anyone knows specifics about php headers in Apple OS browsers, I'd love to be reassured that this will work.

    Thank you so much for your help, Musicman. I'm sure any errors are mine alone. If anyone sees glaring errors or problems with this procedure, please post it. I tried to keep my php file exceptionally simple because I'm a dummy. I'd be happy to include valuable additions to it if you explain them to me.

    Hope this helps.

  2. #2
    >>SubKloda<<
    Join Date
    Nov 2002
    Location
    Look Behind You
    Posts
    85
    Hi there,
    very useful although i have a few points:

    -you could also use "Content-Type: application/octet-stream"

    -you have to be careful with a script like this because in theory it could someone unwanted access to files on your web server, eg. 'download.php?yourfile=download.php' would possibly return your full php script rather than the processed contents.

    hope this helps,
    Andy

  3. #3
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    Please elabortate, what does octet-stream mean or what does it do that I would or should use it in place of what is working now?

    As far as security, I've wondered about this. But why would I mind if someone downloaded my download.php file that I have posted for public scrutiny? It's hardly revolutionary, and if it were, I'd probably know enough about the subject to prevent its unwanted use.

    If for some reason I had super top secret documents that I keep in my public web folder (let's say) and some nefarious character wanted those documents, and he/she hijacked my own download.php script to do their dirty deeds, wouldn't he/she need to know that it's called download.php (I very well might call it scoobypoop.php) and also know what the names of my super top secret files are? I tried using wildcards, but they don't work with it.

    What is the preferred security solution so that I (we) may implement it, and can you describe how it works?

    Thanks

  4. #4
    Registered User
    Join Date
    Feb 2001
    Posts
    13,041
    Hi,

    comments about that:
    I have not found a definite reason to prefer octet-stream or download - maybe somebody else knows
    Security: the original discussion had downloadable files in a separate folder.
    Also it is a very good idea to add
    {code]
    if(ereg("/", $yourfile))
    { header("Status: 403");
    die("Thou shalt not hack");
    }
    [/code]
    to the script.
    It is meant to protect you from people who would try to access
    downloadfiles/../../../../etc/passwd (the server's password file)

    BTW: the use of 403 error here adds a slight chance that the attempt triggers security system installed by the server admin

    Musicman
    Last edited by Musicman; 03-19-2005 at 03:16 AM.

  5. #5
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    I think I understnd that... maybe. So I should start by moving my downloadable files into a specific downloads folder (we'll call it 'folder'). Should I move the php file into that directory as well and change my ActionScript to find it, or should I leave the php in the root folder and change the php file's $fp line to $fp = fopen("folder/$yourfile", "r");? Is there an advantage to doing it one way or the other?

    Then,
    if(ereg("/", $yourfile)) checks to see if someone has added a directory to the filename, thereby attempting to leave my nominated downloads folder. If there is a "/" in the variable, then...

    { header("Status: 403"); sends out a header that access is forbidden (#403),

    die("Thou shalt not hack");} "die" terminates the script, and I presume it sends the nastygram "thou shall not hack" to be displayed in the offending browser.

    So, if I got that much right, I had better figure out where to place it in the php file... I guess it can go right after <? at the very top... so it'd look like this...

    <?
    if(ereg("/", $yourfile))
    { header("Status: 403");
    die("Thou shalt not hack");
    }
    header ("Content-Type: application/download");
    header ("Content-Disposition: attachment; filename=$yourfile");
    header("Content-Length: " . filesize("$yourfile"));
    $fp = fopen("$yourfile", "r");
    fpassthru($fp);
    ?>

    Yes? Is my script safe from gremlins now? (I'm sure someone will add another caveat soon...)

    Thanks. You must feel like you're teaching a class... I don't mean to repeat you so much, but I want to make sure I keep this accurate STEP-BY-STEP along the way, because step-by-step is what I could never find.

  6. #6
    Junior Member
    Join Date
    Mar 2005
    Posts
    9
    oh crap, I just noticed the code lines... those go in there too? I noticed the brackets around the first code do not match (nor do they match the brackets on the closing code)... is that intentional or a typo or the code lines were not meant to literally go into the file?

    So if it's all correct as originally typed, it'd look like this...

    <?
    {code]
    if(ereg("/", $yourfile))
    { header("Status: 403");
    die("Thou shalt not hack");
    }
    [/code]
    header ("Content-Type: application/download");
    header ("Content-Disposition: attachment; filename=$yourfile");
    header("Content-Length: " . filesize("$yourfile"));
    $fp = fopen("$yourfile", "r");
    fpassthru($fp);
    ?>

    How's that look?
    Last edited by thecrowdog; 03-19-2005 at 03:48 AM.

  7. #7
    Registered User
    Join Date
    Feb 2001
    Posts
    13,041
    Hi,

    I hoped to type it right - so the code would stand out in the forum display

    Code:
    <?
    if(ereg("/", $yourfile))
    {   header("Status: 403");
        die("Thou shalt not hack");
    }
    header ("Content-Type: application/download");
    header ("Content-Disposition: attachment; filename=$yourfile");
    header("Content-Length: " . filesize("$yourfile"));
    $fp = fopen("$yourfile", "r");
    fpassthru($fp);
    ?>
    Musicman

  8. #8
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    OOOOOOOLD THREAD>.....same question

    Hello,

    This thread is excellent! I have no experience with php and have been trying to get help to implement the file reference command to force download of pdf files from my site, but then someone recommended using php and this seems much simpler.

    Only thing I am still not sure of is
    So I should start by moving my downloadable files into a specific downloads folder (we'll call it 'folder'). Should I move the php file into that directory as well and change my ActionScript to find it, or should I leave the php in the root folder and change the php file's $fp line to $fp = fopen("folder/$yourfile", "r");? Is there an advantage to doing it one way or the other?
    Could anyone answer this? leave php in root folder and change to $fp = fopen("folder/$yourfile", "r")

    or move php and change actionscript accordingly?

    Thank you so much for this walkthrough.....it is so great for someone like myself who knows enough to get by in flash but not enough to really know what he is doing all the time....

  9. #9
    Registered User
    Join Date
    Feb 2001
    Posts
    13,041
    Hi,

    my preference would still be to keep the php outside the data folder. This would allow some mechanisms where the visitor has to go through your site, rather than a foreign site just linking to your pdf

    Musicman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




Click Here to Expand Forum to Full Width

HTML5 Development Center