# Simple PHP file server...



## daPyr0x (Sep 10, 2005)

Alright, simple easy quick question.

I request the page server.com/server.php?file=abcd.zip
It returns file abcd.zip for download

How can I do this? I don't want a prewritten package that has tracking and all that kinda stuff because honestly I don't really care about that, all I want is something very simple to return that to start, and then be modifiable for down the road...


----------



## brendandonhu (Jul 8, 2002)

This is about as simple as it gets. Hope your server is secured properly.

```
<?php header("Location: $_GET['file']"); ?>
```


----------



## daPyr0x (Sep 10, 2005)

That's it, eh? Wow, why couldn't I find that?

Obviously I'd be securing the script to be more than just that simple, though I have a couple of questions on that, too...
Is it possible for me to direct the script to get a file that Apache can't? Either by permissions on the file, or just moving the file to something other than the root of the server? I mean, would I be able to do "Location: $_GET[/other/directory/place/'file']"? Maybe set the permissions on the file such that only php can access it and not the regular apache service?


----------



## brendandonhu (Jul 8, 2002)

Yes, someone could do:

```
$_GET['file'] = '/etc/password';
// or
$_GET['file'] = '../';
```
You can create an array of files that are allowed to be accessed along with a switch() statement, and use open_basedir to restrict it to serving files in a certain directory.


----------
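An added example (not code posted by anyone in the thread) of the allowlist approach suggested above, streaming the file with `readfile()` instead of redirecting so the files can live outside the web root. `DOWNLOAD_DIR`, the `resolve_download()` helper and the listed file names are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. Assumptions: files live in
// /srv/downloads (hypothetical path outside the web root) and the
// allowlist entries below are constructed sample names.
const DOWNLOAD_DIR = '/srv/downloads';
const ALLOWED_FILES = ['abcd.zip', 'manual.pdf'];

// Return the absolute path for an allowed download name, or null.
function resolve_download(string $requested, string $baseDir, array $allowed): ?string
{
    // Exact match against the allowlist: rejects '../', '/etc/password', etc.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved path (symlinks followed) must stay in the base dir.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) && is_readable($path) ? $path : null;
}

$requested = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
$path = resolve_download($requested, DOWNLOAD_DIR, ALLOWED_FILES);

if ($path === null) {
    http_response_code(404);
    exit('File not found');
}

// Stream the file through PHP instead of redirecting, so it does not
// need to be reachable by URL. Headers must be sent before any output.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```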



## daPyr0x (Sep 10, 2005)

Okay, what am I missing?

For starters I did a file that was just as simple as what you wrote, tried it with 'file' and with an explicit path to a file, and I just get a blank page. I tried running php file.php and I get Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING


----------



## brendandonhu (Jul 8, 2002)

That's odd, does it work like this?

```
<?php
header("Location: " . $_GET['file']);
?>
```
It has to be at the very beginning of the page.


----------

