Anyone good with PHP?

I found the following PHP script online, and was trying to use it, but I've had some problems.

This is the script:

<?php
$file = halmer.cer
header('Content-Description: File Transfer');
header('Content-Type: application/x-x509-ca-cert');
header('Content-Length: ' . filesize($file));
$bn = basename($file);
header("Content-Disposition: attachement;filename=$bn");
readfile($file);
?>

But when I open the PHP script I get the following error

Parse error: syntax error, unexpected T_STRING in /home/a8533703/public_html/install.php on line 6

Anyone see the problem with the script? Its probably something pretty obvious, but I don't know much about PHP. Thanks to anyone who can help.

EDIT: BTW, the forum isn't showing the HTML tags that are in there, so the 6th line is the on which reads:

header('Content-Description: File Transfer');

Edited 1 time(s). Last edit at 01/21/2010 08:01PM by SifJar.

$file = halmer.cer ?

Should that not be $file = "halmer.cer";

Also I think you may need the full path ie.... /home/a8533703/public_html/halmer.cer or whatever it is.

the full path is not necassary in this case as long that the file is stored relatively to the executed script

ALSO!
cant remember the exact name, but some servers have a php setting allowing url vars to be automatically mapped to php vars

htp://test.com/test.php?test=1&foo=3
-->
$test = 1;
$foo = 3;

although this is being removed in PHP6, i would suggest that the $file is changed to a constant so that an attack like:
htp://test.com/install.php?file=xxxx will fail

not sure if this is an actual script or just a sandbox so i thought just to be safe as readfile() will force a file download and if the script is attacked another file could forced to download e.g

htp://test.com/install.php?file=http://baddomain.com/badfile.exe

which using your code could theoretically force the download of htp://baddomain.com/badfile.exe if the server is not correctly set

if the server is safely configured then the attack will have no effect



Edited 3 time(s). Last edit at 01/21/2010 09:38PM by SteelSLasher.

Hmmm, still no success... SteelSlasher, not sure what you're advising me to do, basically I want the script to download the file with the attributes "content type" etc. set as listed above. Would there be a better way to do this? I have just copy-pasted this from a site, and have little understanding of PHP. Sorry for being such a n00b, I am currently trying to learn PHP, but apparently it helps alot to know HTML and JavaScript first, so I'm going through a quick HTML tutorial to refresh my memory on that. Anyway, any help would be appreciated in getting this to work.

Try this, some code I used a while ago.

        $filename = "halmer.cer"; // I think you need full path !!
	$shortname = basename( $filename );
	$contentType='application/x-x509-ca-cert';

	header("Pragma: ");
	header("Cache-Control: ");
	header("Content-type: $contentType");
	header("Content-Disposition: attachment; filename=\"".$shortname."\"");
	header("Content-length:".(string)(filesize($filename)));

	set_time_limit(0);	

	readfile($filename);

Thanks, I'll give it a try.

EDIT: Seems it may be working, thank you!



Edited 1 time(s). Last edit at 01/21/2010 11:45PM by SifJar.

OK, it works on my computer, but not on my mobile phone (which is the while point of this exercise, I'm trying to get it to install a new certificate for Java). On the computer, it downloads the file no problem. But on my phone it gives a PHP error saying the line "set_time_limit(0);" has been disabled for security reasons, then it has the file below that, but it isn't downloading the file, it just displays the contents of the file. Anyone have any idea why this is working on the computer but not on my mobile phone?

Quote
SifJar
OK, it works on my computer, but not on my mobile phone (which is the while point of this exercise, I'm trying to get it to install a new certificate for Java). On the computer, it downloads the file no problem. But on my phone it gives a PHP error saying the line "set_time_limit(0);" has been disabled for security reasons, then it has the file below that, but it isn't downloading the file, it just displays the contents of the file. Anyone have any idea why this is working on the computer but not on my mobile phone?

You are running php on a server, right? If so there should be no difference between set_time_limit(0); on the phone or computer as the code is run on the server not the phone or computer client. If you're running php on the phone then yes that function may not be supported or be blocked. You can just try removing this line if you like.

The reason it's echoing the file is probably because the phone does not recognize the content type 'application/x-x509-ca-cert'. To force a binary download try setting the content type to $contentType='application/octet-stream';.

Its on a server yeah, and it works fine on computer, just not on phone...I'll try changing that line thanks. BTW, I also removed the problem line, which removed the error, but still made it echo the file instead of download. Thanks for all your help, if this doesn't work, I'll probably just give up.

Quote
SifJar
Its on a server yeah, and it works fine on computer, just not on phone...I'll try changing that line thanks. BTW, I also removed the problem line, which removed the error, but still made it echo the file instead of download. Thanks for all your help, if this doesn't work, I'll probably just give up.

What browser is it on the phone? I remember a similar issue where firefox would echo and IE would download. I'm trying to think how I fixed it.

Also make sure there's no other output after or before the download this can sometimes mess it up. You can force the script to end with an exit(); Also check out php.net (http://us.php.net/manual/en/function.readfile.php) it has a ton of good info.

<?php
$filename = "halmer.cer"; // I think you need full path !!
$shortname = basename( $filename );
$contentType='application/octet-stream';
header("Pragma: ");
header("Cache-Control: ");
header("Content-type: $contentType");
header("Content-Disposition: attachment; filename=\"".$shortname."\"");
header("Content-length:".(string)(filesize($filename)));
readfile($filename);
exit(0);
?>

Well, it still echoed the file. The browser on the phone is netfront I believe. On computer it works fine in Chrome and Firefox.

Oh, and about the changing the content type: It NEEDS to have the content type I had, that's the whole point of having a script. I tried directly linking to it, and that worked, as in it downloaded, but to install it, you apparently need to set the content type to what I have above.

I dunno what the problem is, it may be my phone. Anyway, I think I'll just forget about it for now. I actually already have the certificate on my phone installed through another method, but I'm planning on getting a new phone, which won't work with the other method, so I was trying to get this set up. Maybe it will work with the new phone, it could just be a problem with my current phone.

EDIT: Just tried it in Opera Mini, and it downloaded, but it didn't install it. Although I currently have the content type set to what you told me. I'll try later/tomorrow with it as what its meant to be. Thanks again for all your help.



Edited 1 time(s). Last edit at 01/22/2010 07:50PM by SifJar.