When you implement HTTP file downloading, your CGI program first needs to
check whether the person is allowed to access the file in question. This
process, of course, depends on your environment and how you determine who can
access your files. If you deny a user access to the file, you need to send a
regular HTML header and a message to notify the user that the access criteria
were not met. If the user has access rights, the program needs to immediately
send a header that describes the file as a binary file. The format of the
download header, which DownloadFile sends at callout A in Listing 4,
is as follows:
Content-type: application/octet-stream
After sending the header, DownloadFile uses the Do loop at B in Listing 4,
to read from the disk file (which, of course, does not have to be in a
public HTML directory) in binary mode and call the Send subroutine. The Send
subroutine, shown in Listing 5, sends the data to the browser.
In Listing 5, Send uses the Win32 API GetStdHandle function to get the
handle for Standard Out. The first parameter of the WriteFile function is this
handle. The second parameter of WriteFile is the data to be transferred appended
with the carriage-return line-feed character. The third parameter contains the
length of the data to be downloaded, and the fourth parameter will contain the
number of bytes sent after the WriteFile function finishes executing.
Unlike a regular file download via an HREF tag, the Web server doesn't know
the contents of a file and sends the file as a binary stream. Therefore, the
server will not try to send the file as a particular MIME type. Let's look at
one possibility of how to call the CGI routine from the HTML form:
<FORM METHOD="POST" ACTION=
"/cgi-bin/file_download.exe?download:filename.doc">
<INPUT TYPE="SUBMIT" VALUE=
" file_name.doc ">
</FORM>
This example shows the download CGI program (file_download.exe) being
called and passed the download file's name (filename.doc) as a CGI Query string.
This arrangement works fine, but when the File, Save As dialog box shows up, the
default file name will be the name of the CGI program, not the name of the file
to be saved. To get around this problem, you can trick the browser into
providing the correct file name as the default, as shown in this modified ACTION
parameter:
ACTION="/cgi-bin/file_download.
exe/filename.doc?documents/filename.doc "
The correct CGI routine will still execute on the server side, but now the
File, Save As dialog box will default to the correct filename.
Just the Tip of the Application Iceberg
In this article, I've shown how to use a VB CGI program to do HTTP File
Uploads and downloads. The example upload_cgi program uploads a file to a
directory and then echoes the contents of that directory to the user. The user
can then download a file to verify that the upload worked properly.
You can easily modify this shell to meet lots of specific business
situations. For instance, you can create an Internet or intranet file warehouse
that allows uploading, indexing, and searching of the warehoused files. But this
idea is just the tip of the iceberg. Once you have adapted the program to your
company's needs, simply add user authentication and Secure Sockets Layer (SSL)
to your server, and you get a very secure method for transferring files
to your Web server.