4

I'm trying to implement an indirect download through PHP. On the client side I verify if the downloaded file is correct or not using md5.

When I download the file directly (http://server/folder/file.apk) I get the same md5 checksum as on the file system, but when I download it via the PHP script (http://server/some_page.php) I get a totally different checksum. Why?

Here's my PHP script:

<?php
$name_file="test2.apk";
$path="/home/user/public_html/apk/"; 
$dimension_file=(string)filesize($name_file);

header("Content-Type: application/vnd.android.package-archive ; name=".$name_file);
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$dimension_file);
header("Content-Disposition: inline; filename=".$name_file);
header("Expires: 0");
header("Cache-Control: no-cache, must-revalidate");
header("Cache-Control: private");
header("Pragma: public");

readfile($path.$name_file);
?>
Rob
  • 14,746
  • 28
  • 47
  • 65
Zorb
  • 726
  • 11
  • 24
  • 1
    Check for white spaces in the code and remove them. Mostly by indenting. Also it's a good practice not to close the php with ?> when executing code that isn't directly writing something on the page. – Vladimir Nov 23 '11 at 15:57
  • 1
    Make sure there are no newlines or spaces before the ``. It's also a good idea to `exit;` after sending the file, just to be safe. – gen_Eric Nov 23 '11 at 16:21
  • You may check the encoding, for example UTF-8 on one side and ISO on the other. If your php script is not in the same encoding, it can result on some checksum errors – Alexandre GUIDET Nov 23 '11 at 16:55

2 Answers2

1

I found the error:

 $name_file="test2.apk";
 $path="/home/user/public_html/apk/"; 
 $dimension_file=(string)filesize($name_file); //<-- HERE! ---

i was retrieving the size using only the name of file instead of using the full path

filesize($name_file) ---> filesize( $path . $name_file)

the error was hidden from 

header("Content-Type: application/vnd.android.package-archive");

and the php error response added to the content of the downloaded file.

So i suggest to who has this kind of problems to comment the "Content-Type" while debugging to see if there are some errors in the php code and when all code seems to work re-enable the "Content-Type" header.

On my server spaces in the code before the 

readfile($path.$name_file);

has no influence on the checksum

Thanks to Vladimir and Rocket for good practice tips

Zorb
  • 726
  • 11
  • 24
0

I was having similar problems downloading PDF files, via an fread (although readfile gave the same problem). My eventual problem was solved by turning off the debug output of the application - which in my case was Wordpress. I had WP_DEBUG set to true which caused the differences in MD5.

icc97
  • 11,395
  • 8
  • 76
  • 90