View previous topic :: View next topic |
Author |
Message |
Giro New Member
Joined: 25 Mar 2004 Posts: 22 Location: England
|
Posted: Thu Mar 06, 2003 11:53 pm Post subject: PHP Help - How to save file to user's hard drive? |
|
|
Ho do i save a file to someones local hard drive.
|
|
Back to top |
|
|
GSecur Trusted SF Member
Joined: 30 Sep 2002 Posts: 16777215
|
Posted: Fri Mar 07, 2003 12:07 am Post subject: |
|
|
I believe the only file you can save to a clients disk through scripting is a cookie. That's pretty much a safety measure for obvious reasons. Correct me if I'm wrong.
|
|
Back to top |
|
|
big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
|
Posted: Fri Mar 07, 2003 12:14 am Post subject: |
|
|
nope, I ain't correcting you.
the best you could do would be to meerly ask them to download a file
what is it for anyway?
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Fri Mar 07, 2003 12:48 am Post subject: |
|
|
Yeh just send them a file like a download, they'll get the option to open or save.
Same as when you click a link and you download something as long as the mime type is set correctly in their browser.
You can't actually save anything to their HDD without then 'downloading' it (well you can if they use IE but that's another matter )
|
|
Back to top |
|
|
Giro New Member
Joined: 25 Mar 2004 Posts: 22 Location: England
|
Posted: Fri Mar 07, 2003 10:40 am Post subject: |
|
|
I remeber seeing it done some where, You clicked the link and it saved a txt file on your desktop and i was wondering how it was done.
|
|
Back to top |
|
|
big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
|
Posted: Fri Mar 07, 2003 10:57 pm Post subject: |
|
|
a text file eh?
hmm. thats actauly sounding a bit familer. not in php though.
have a look through the vb script and javascript reference on msdn etc.
I found a script that saves a shortcut tou your desktop, would that be of any help? maybe it could be adapted?
Code: |
<HTML>
<script language="JScript">
function fnGo()
{
var WshShell = new ActiveXObject("WScript.Shell");
strDesktop = WshShell.SpecialFolders("Desktop");
var oShellLink = WshShell.CreateShortcut(strDesktop + "\\Shortcut Script.lnk");
oShellLink.TargetPath = "notepad.exe";
oShellLink.WindowStyle = 1;
oShellLink.Hotkey = "CTRL+SHIFT+F";
oShellLink.Description = "Shortcut Script";
oShellLink.WorkingDirectory = strDesktop;
oShellLink.Save();
}
</script>
<body>
<input type=button value="Go" onclick="fnGo()">
</body>
</HTML>
|
|
|
Back to top |
|
|
Wombat Trusted SF Member
Joined: 24 Apr 2002 Posts: 0 Location: Canberra
|
Posted: Sun Mar 09, 2003 12:52 am Post subject: |
|
|
Ol Man wrote: |
I remeber seeing it done some where, You clicked the link and it saved a txt file on your desktop and i was wondering how it was done. |
I've got a feeling a Java applet can do this. A normal web page in your browser can't save anything to the hard drive except coockies, and because PHP, ASP, JSP etc are executed server-side they can't do anything like that. JavaScript is executed client-side but is unable to save anything besides coockies (on purpose), so the only way I can think of is to get the user to execute some other application client-side: and that's where the Java applet is useful (but they'll get a security warning asking if they want to run the applet). Please correct me if I'm wrong!
|
|
Back to top |
|
|
big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
|
Posted: Sun Mar 09, 2003 1:18 am Post subject: |
|
|
YOU'RE WRONG!
hehe, well, only about the javascript. javascript can also save a shortcut to a users desktop or startmenu (as i have shown above ) but once again, you are given a security warning and are given the choice to let the proccess continue or to disallow it. ok, so its activeX. but its still controlled by javascript.
i have seen it done on some porn site though, and it hasnt asked me if i want to allow it or not, but the shortcut to the site has still shown up on my desktop.
|
|
Back to top |
|
|
Wombat Trusted SF Member
Joined: 24 Apr 2002 Posts: 0 Location: Canberra
|
Posted: Mon Mar 10, 2003 12:09 am Post subject: |
|
|
dreamer wrote: |
hehe, well, only about the javascript. javascript can also save a shortcut to a users desktop or startmenu (as i have shown above ) but once again, you are given a security warning and are given the choice to let the proccess continue or to disallow it. ok, so its activeX. but its still controlled by javascript. |
So it's NOT JavaScript saving the file!
ActiveX is (in this case) a small application that can be embedded within a web page but is not part of the web page that executes on the client machine if the user accepts the security warning, and in those respects it's just like a Java applet.
So we come down to the same issue: server-side scripts can't do it, client side script (e.g. JavaScript) can't do it, the ONLY way to do it is to get the user to agree to run a seperate application on their machine.
Last edited by Wombat on Mon Mar 10, 2003 1:03 am; edited 1 time in total |
|
Back to top |
|
|
big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
|
Posted: Mon Mar 10, 2003 12:31 am Post subject: |
|
|
I wrote: |
ok, so its activeX. but its still controlled by javascript. |
I know, I know I did mention that
Ive been looking around though, and i think there may be a way to do it with VBScript. All ive gotta do is find that porn site!
|
|
Back to top |
|
|
Wombat Trusted SF Member
Joined: 24 Apr 2002 Posts: 0 Location: Canberra
|
Posted: Mon Mar 10, 2003 1:03 am Post subject: |
|
|
VBScript can save a file to the local hard drive only if it's saved and executed locally. It can't do it when it's part of a web page being rendered in a browser. This is a deliberate restriction: it can't do it for the same reasons that JavaScript can't do it.
|
|
Back to top |
|
|
big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
|
Posted: Mon Mar 10, 2003 6:11 pm Post subject: |
|
|
so how did those icons get onto my desktop if i wasn't asked?
|
|
Back to top |
|
|
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
|
Posted: Mon Mar 10, 2003 6:19 pm Post subject: |
|
|
dreamer wrote: |
so how did those icons get onto my desktop if i wasn't asked? |
You have your IE security set up wrong, ActiveX shouldn't be allowed to run...
If you run it without it prompting you it can disable your firewall, upload some nasty goodies and run them..
From then on you're 0wned.
There is a flash proof of concept that does this using ActiveX.
|
|
Back to top |
|
|
big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
|
Posted: Mon Mar 10, 2003 6:27 pm Post subject: |
|
|
good job i'm behind a hardware NAT then really aint it
it is set to prompt me, otherwise the bit of code i posted wouldn't have asked me
its a bit like when javascript trys to close a 'user opened' window. it prompts to ask. but there is a work around to close it without prompting. onvloves opening a few windows and closign them all i belive.
|
|
Back to top |
|
|
ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
|
Posted: Mon Mar 10, 2003 7:43 pm Post subject: |
|
|
ok, so this is branching away slightly from the main thread, but in RFC2046 it states:
4.5.1. Octet-Stream Subtype
The "octet-stream" subtype is used to indicate that a body contains arbitrary binary data. The set of currently defined parameters is:
TYPE -- the general type or category of binary data. This is intended as information for the human recipient rather than for any automatic processing.
PADDING -- the number of bits of padding that were appended to the bit-stream comprising the actual contents to produce the enclosed 8bit byte-oriented data. This is useful for enclosing a bit-stream in a body when the total number of bits is not a multiple of 8.
Both of these parameters are optional.
An additional parameter, "CONVERSIONS", was defined in RFC 1341 but has since been removed. RFC 1341 also defined the use of a "NAME" parameter which gave a suggested file name to be used if the data were to be written to a file. This has been deprecated in anticipation of a separate Content-Disposition header field, to be defined in a subsequent RFC.
The recommended action for an implementation that receives an "application/octet-stream" entity is to simply offer to put the data in a file, with any Content-Transfer-Encoding undone, or perhaps to use it as input to a user-specified process.
To reduce the danger of transmitting rogue programs, it is strongly recommended that implementations NOT implement a path-search mechanism whereby an arbitrary program named in the Content-Type parameter (e.g., an "interpreter=" parameter) is found and executed using the message body as input.
**end c&p**
so couldn't the "interpreter=" parameter be used to auto execute the install process?
I haven't played with it yet so am just tossing it out there to confuse everybody
|
|
Back to top |
|
|
Azam.com Guest
|
Posted: Fri Apr 25, 2003 12:23 am Post subject: |
|
|
Code: |
<HTML>
<script language="JScript">
function fnGo()
{
var WshShell = new ActiveXObject("WScript.Shell");
strDesktop = WshShell.SpecialFolders("Desktop");
var oShellLink = WshShell.CreateShortcut(strDesktop + "\\Shortcut Script.lnk");
oShellLink.TargetPath = "notepad.exe";
oShellLink.WindowStyle = 1;
oShellLink.Hotkey = "CTRL+SHIFT+F";
oShellLink.Description = "Shortcut Script";
oShellLink.WorkingDirectory = strDesktop;
oShellLink.Save();
}
</script>
<body>
<input type=button value="Go" onclick="fnGo()">
</body>
</HTML> |
Thanks for that code.
(1) May I ask where you found it? The reason I'm asking is because I'd like to ammend it so that an icon of my choosing is added to the desktop. Could anyone help please
(2) The ActiveX warning message before the link is added to the user's desktop is quite threatening and will put a lot of people off who might think they are going to get viruses etc. I don't suppose anyone knows a less threatening way to enable users to link to a website from their desktop?
Thanks.
|
|
Back to top |
|
|
|