I have this script:
<?php
$id = $_GET["id"];
switch($id)
{
default: echo "Bad ID!"; exit;
case "MyPicture1": $file = "img/img1.jpg"; break;
case "MyPicture2": $file = "img/img2.jpg"; break;
case "MyPicture3": $file = "img/img3.jpg"; break;
case "MyPicture4": $file = "img/img4.jpg"; break;
}
if(file_exists($file))
{
$size = getimagesize($file);
$fp = fopen($file, 'rb');
if($size and $fp)
{
header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($file)).' GMT');
header('Content-Type: '.$size['mime']);
header('Content-Length: '.filesize($file));
fpassthru($fp);
}
exit;
}
else
{
echo "Bad ID!";
}
?>
Which works fine for loading images like this <IMG Src="/Script.php?id=MyPicture1" />!
But the problem occurs when I try to load ANY other MIME content, to be displayed directly on the page or to switch page with it, but unsuccessfully... I tried with:
<?php
$file_name = $_GET["id"];
switch($file_name)
{
default: echo 'Bad ID!'; exit;
case "style1": $file_name = "csss/style_one.css"; break;
case "style2": $file_name = "csss/style_two.css"; break;
case "image1": $file_name = "images/image_one.jpg"; break;
case "image2": $file_name = "images/image_one.png"; break;
case "image3": $file_name = "images/image_one.bmp"; break;
case "image4": $file_name = "images/image_one.gif"; break;
case "video1": $file_name = "videos/video_one.avi"; break;
case "video2": $file_name = "videos/video_two.mp4"; break;
case "video3": $file_name = "videos/video_three.mov"; break;
case "php_page_1": $file_name = "php_pages/php_one.php"; break;
case "html_page_1": $file_name = "html_pages/html_one.html"; break;
case "icon_fav_1": $file_name = "icons/icon_one.ico"; break;
case "font_1": $file_name = "fonts/font_one.otf"; break;
}
if(file_exists($file_name))
{
$size = getImageSize("$file_name");
$fP = fOpen("$file_name", "rb");
if($size and $fP)
{
header('last-modified: '.gmdate('D, d M Y H:i:s', filemtime($file_name)).' GMT');
header('content-type: '.$size['mime'].');
header('content-length: '.filesize($file_name).);
fPassThru($fP);
}
exit;
}
else
{
echo 'Bad ID!';
}
?>
If I load CSS sheet like /Script.php?id=MyCSS1, I want CSS file to be loaded properly on the page - that is I want CSS file to be loaded on the page as if it was loaded with <LINK rel="stylesheet" type="text/css" href="css/styles_one.css" />. The same applies to ANY and ALL other MIME content, including switching pages with ANY extension with it - like /Script.php?id=php_page_1 (if php page 1 is clicked).
Can you help?
You can use the php function mime_content_type. Here is an example with some syntactic sugar.
<?php
$file_name = $_GET["id"];
switch($file_name)
{
default: echo 'Bad ID!'; exit;
case "style1": $file_name = "csss/style_one.css"; break;
case "style2": $file_name = "csss/style_two.css"; break;
case "image1": $file_name = "images/image_one.jpg"; break;
case "image2": $file_name = "images/image_one.png"; break;
case "image3": $file_name = "images/image_one.bmp"; break;
case "image4": $file_name = "images/image_one.gif"; break;
case "video1": $file_name = "videos/video_one.avi"; break;
case "video2": $file_name = "videos/video_two.mp4"; break;
case "video3": $file_name = "videos/video_three.mov"; break;
case "php_page_1": $file_name = "php_pages/php_one.php"; break;
case "html_page_1": $file_name = "html_pages/html_one.html"; break;
case "icon_fav_1": $file_name = "icons/icon_one.ico"; break;
case "font_1": $file_name = "fonts/font_one.otf"; break;
}
if(file_exists($file_name)) {
header("last-modified: {gmdate('D, d M Y H:i:s', filemtime($file_name))} GMT");
header("content-type: {mime_content_type($file_name)}");
header("content-length: {filesize($file_name)}");
readfile($file_name);
} else {
echo 'Bad ID!';
}
exit;
If you are using php 8. You will have to write it like this.
<?php
$file_name = $_GET["id"];
switch($file_name)
{
default: echo 'Bad ID!'; exit;
case "style1": $file_name = "csss/style_one.css"; break;
case "style2": $file_name = "csss/style_two.css"; break;
case "image1": $file_name = "images/image_one.jpg"; break;
case "image2": $file_name = "images/image_one.png"; break;
case "image3": $file_name = "images/image_one.bmp"; break;
case "image4": $file_name = "images/image_one.gif"; break;
case "video1": $file_name = "videos/video_one.avi"; break;
case "video2": $file_name = "videos/video_two.mp4"; break;
case "video3": $file_name = "videos/video_three.mov"; break;
case "php_page_1": $file_name = "php_pages/php_one.php"; break;
case "html_page_1": $file_name = "html_pages/html_one.html"; break;
case "icon_fav_1": $file_name = "icons/icon_one.ico"; break;
case "font_1": $file_name = "fonts/font_one.otf"; break;
}
if(file_exists($file_name)) {
$last_modified = gmdate('D, d M Y H:i:s', filemtime($file_name));
header("last-modified: $last_modified GMT");
$content_type = mime_content_type($file_name);
header("content-type: $content_type");
$content_length = filesize($file_name);
header("content-length: $content_length");
readfile($file_name);
} else {
echo 'Bad ID!';
}
exit;
getImageSize() is just for image files. The more general function for getting MIME types is mime_content_type().
if(file_exists($file_name))
{
$type = mime_content_type("$file_name");
$fP = fOpen("$file_name", "rb");
if($type and $fP)
{
header('last-modified: '.gmdate('D, d M Y H:i:s', filemtime($file_name)).' GMT');
header('content-type: '.$type.');
header('content-length: '.filesize($file_name).);
fPassThru($fP);
}
exit;
}
else
{
echo 'Bad ID!';
}
Related
I have a website that is set up like this:
client request --> gate.php --> requested file
Every request the client sends goes to gate.php were it is parsed. Gate.php then includes the requested file from a restricted directory so that the client cannot access any file but gate.php.
Gate file:
<?php
$_uri = strtok($_SERVER["REQUEST_URI"],'?');
$_root = "<root>";
// Index //
switch($_uri) {
case "/": $_uri = "<path>"; break;
case "/css": $_uri = "<path>"; break;
case "/js": $_uri = "<path>"; break;
case "/font": $_uri = "<path>".strtok($_GET["p"],".")."/".$_GET["p"]; break;
case "/ajax": $_uri = "<path>"; break;
case "/signin": $_uri = "<path>"; break;
case "/signup": $_uri = "<path>"; break;
default:
if(substr($_uri,0,8) == "/profile") { // profile
$_uri = "<path>";
$_page = substr($_uri,9);
} else {
header("HTTP/1.1 404");
require_once($_root."<path>");
die();
}
}
!isset($_page) and isset($_GET["p"]) ? $_page = $_GET["p"] : 0;
// Mime //
$_path = explode(".",$_uri);
switch($_path[1]) {
case "php": $_path[2] = "text/html"; break;
case "css": $_path[2] = "text/css"; break;
case "js": $_path[2] = "application/javascript"; break;
case "xml": $_path[2] = "application/xml"; break;
case "svg": $_path[2] = "application/xml+svg"; break;
case "jpg": $_path[2] = "image/jpeg"; break;
case "png": $_path[2] = "image/png"; break;
case "otf": $_path[2] = "x-font/otf"; break;
case "eot": $_path[2] = "x-font/eot"; break;
case "ttf": $_path[2] = "x-font/ttf"; break;
case "woff": $_path[2] = "x-font/woff"; break;
default:
header("HTTP/1.1 500");
require_once($_root."<path>");
die();
}
$_path[2] == "text/html" ? require_once($_root."<path>") : 0;
// File //
header("Content-Type: ".$_path[2]);
require_once($_root."/sys".$_uri);
?>
The problem is, when I pass a font file through the gate, the font file contains the text <? which PHP parses and returns an error.
Is there any way to escape the font file so that PHP does not parse it?
You can only require files that can be interpreted by PHP. If you want to serve other kinds of files through your script, you have to output them by reading them.
Something like:
$file = 'myfontfile.ttf';
if (file_exists($file)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: inline; filename="'.basename($file).'"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
I'm using the latest version of mybb (mybb1.8), and it has attachment feature, but it upload the files into current host, I want upload the files to different server or host.
How can I do that ?
Download Mybb18 if you need it:
http://resources.mybb.com/downloads/mybb_1800.zip
PHP code of attachment.php file
<?php
/**
* MyBB 1.8
* Copyright 2014 MyBB Group, All Rights Reserved
*
* Website: http://www.mybb.com
* License: http://www.mybb.com/about/license
*
*/
define("IN_MYBB", 1);
define('THIS_SCRIPT', 'attachment.php');
require_once "./global.php";
if($mybb->settings['enableattachments'] != 1)
{
error($lang->attachments_disabled);
}
// Find the AID we're looking for
if(isset($mybb->input['thumbnail']))
{
$aid = $mybb->get_input('thumbnail', 1);
}
else
{
$aid = $mybb->get_input('aid', 1);
}
$pid = $mybb->get_input('pid', 1);
// Select attachment data from database
if($aid)
{
$query = $db->simple_select("attachments", "*", "aid='{$aid}'");
}
else
{
$query = $db->simple_select("attachments", "*", "pid='{$pid}'");
}
$attachment = $db->fetch_array($query);
$plugins->run_hooks("attachment_start");
if(!$attachment)
{
error($lang->error_invalidattachment);
}
$pid = $attachment['pid'];
// Don't check the permissions on preview
if($pid || $attachment['uid'] != $mybb->user['uid'])
{
$post = get_post($pid);
$thread = get_thread($post['tid']);
if(!$thread && !isset($mybb->input['thumbnail']))
{
error($lang->error_invalidthread);
}
$fid = $thread['fid'];
// Get forum info
$forum = get_forum($fid);
// Permissions
$forumpermissions = forum_permissions($fid);
if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid']) || ($forumpermissions['candlattachments'] == 0 && !$mybb->input['thumbnail']))
{
error_no_permission();
}
// Error if attachment is invalid or not visible
if(!$attachment['attachname'] || (!is_moderator($fid, "canviewunapprove") && ($attachment['visible'] != 1 || $thread['visible'] != 1 || $post['visible'] != 1)))
{
error($lang->error_invalidattachment);
}
}
if(!isset($mybb->input['thumbnail'])) // Only increment the download count if this is not a thumbnail
{
$attachupdate = array(
"downloads" => $attachment['downloads']+1,
);
$db->update_query("attachments", $attachupdate, "aid='{$attachment['aid']}'");
}
// basename isn't UTF-8 safe. This is a workaround.
$attachment['filename'] = ltrim(basename(' '.$attachment['filename']));
$plugins->run_hooks("attachment_end");
if(isset($mybb->input['thumbnail']))
{
$ext = get_extension($attachment['thumbnail']);
switch($ext)
{
case "gif":
$type = "image/gif";
break;
case "bmp":
$type = "image/bmp";
break;
case "png":
$type = "image/png";
break;
case "jpg":
case "jpeg":
case "jpe":
$type = "image/jpeg";
break;
default:
$type = "image/unknown";
break;
}
header("Content-disposition: filename=\"{$attachment['filename']}\"");
header("Content-type: ".$type);
$thumb = $mybb->settings['uploadspath']."/".$attachment['thumbnail'];
header("Content-length: ".#filesize($thumb));
$handle = fopen($thumb, 'rb');
while(!feof($handle))
{
echo fread($handle, 8192);
}
fclose($handle);
}
else
{
$ext = get_extension($attachment['filename']);
switch($attachment['filetype'])
{
case "application/pdf":
case "image/bmp":
case "image/gif":
case "image/jpeg":
case "image/pjpeg":
case "image/png":
case "text/plain":
header("Content-type: {$attachment['filetype']}");
$disposition = "inline";
break;
default:
$filetype = $attachment['filetype'];
if(!$filetype)
{
$filetype = 'application/force-download';
}
header("Content-type: {$filetype}");
$disposition = "attachment";
}
if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false)
{
header("Content-disposition: attachment; filename=\"{$attachment['filename']}\"");
}
else
{
header("Content-disposition: {$disposition}; filename=\"{$attachment['filename']}\"");
}
if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false)
{
header("Expires: -1");
}
header("Content-length: {$attachment['filesize']}");
header("Content-range: bytes=0-".($attachment['filesize']-1)."/".$attachment['filesize']);
$handle = fopen($mybb->settings['uploadspath']."/".$attachment['attachname'], 'rb');
while(!feof($handle))
{
echo fread($handle, 8192);
}
fclose($handle);
}
Firstof: a Form that posts(Data, a file) do a server it has not been called from ist considered a security risk. It is not so easy to implement so that browsers feel confident. So your recieving script should be on the same server.
That is why I would move the files after they have been posted.
I would use the command line for that if you have a linux/unix server.
You will have to copy the file from your host onto the target and delete the orginal file when successful.
Either in the filesystem(on the same server) via
system("cp filename targetdir");
or onto a different server via
system("scp filename server:targetdir")
also have a look at "rsync" which ist much more efficient when syncing files from server to server.
I'm downloading mp4,mp3 etc.. files from my server with php. But browsers are not showing the size of file.
I searched everywhere but i couldn't find any working answer. Hope you can help me. Thanks in advance.
Here is the code :
function force_download($file)
{
$ext = explode(".", $file);
switch($ext[sizeof($ext)-1])
{
case 'jar': $mime = "application/java-archive"; break;
case 'zip': $mime = "application/zip"; break;
case 'jpeg': $mime = "image/jpeg"; break;
case 'jpg': $mime = "image/jpg"; break;
case 'jad': $mime = "text/vnd.sun.j2me.app-descriptor"; break;
case "gif": $mime = "image/gif"; break;
case "png": $mime = "image/png"; break;
case "pdf": $mime = "application/pdf"; break;
case "txt": $mime = "text/plain"; break;
case "doc": $mime = "application/msword"; break;
case "ppt": $mime = "application/vnd.ms-powerpoint"; break;
case "wbmp": $mime = "image/vnd.wap.wbmp"; break;
case "wmlc": $mime = "application/vnd.wap.wmlc"; break;
case "mp4s": $mime = "application/mp4"; break;
case "ogg": $mime = "application/ogg"; break;
case "pls": $mime = "application/pls+xml"; break;
case "asf": $mime = "application/vnd.ms-asf"; break;
case "swf": $mime = "application/x-shockwave-flash"; break;
case "mp4": $mime = "video/mp4"; break;
case "m4a": $mime = "audio/mp4"; break;
case "m4p": $mime = "audio/mp4"; break;
case "mp4a": $mime = "audio/mp4"; break;
case "mp3": $mime = "audio/mpeg"; break;
case "m3a": $mime = "audio/mpeg"; break;
case "m2a": $mime = "audio/mpeg"; break;
case "mp2a": $mime = "audio/mpeg"; break;
case "mp2": $mime = "audio/mpeg"; break;
case "mpga": $mime = "audio/mpeg"; break;
case "wav": $mime = "audio/wav"; break;
case "m3u": $mime = "audio/x-mpegurl"; break;
case "bmp": $mime = "image/bmp"; break;
case "ico": $mime = "image/x-icon"; break;
case "3gp": $mime = "video/3gpp"; break;
case "3g2": $mime = "video/3gpp2"; break;
case "mp4v": $mime = "video/mp4"; break;
case "mpg4": $mime = "video/mp4"; break;
case "m2v": $mime = "video/mpeg"; break;
case "m1v": $mime = "video/mpeg"; break;
case "mpe": $mime = "video/mpeg"; break;
case "mpeg": $mime = "video/mpeg"; break;
case "mpg": $mime = "video/mpeg"; break;
case "mov": $mime = "video/quicktime"; break;
case "qt": $mime = "video/quicktime"; break;
case "avi": $mime = "video/x-msvideo"; break;
case "midi": $mime = "audio/midi"; break;
case "mid": $mime = "audio/mid"; break;
case "amr": $mime = "audio/amr"; break;
default: $mime = "application/force-download";
}
header('Content-Description: File Transfer');
header('Content-Type: '.$mime);
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: '. filesize($file));
ob_clean();
flush();
readfile($file);
}
if (isset($_POST['downl'])){
$file = "http://localhost/project1/downloads/gmf.mp4";
force_download($file);
}
<form method="POST" action=''>
<?php echo'<input type="submit" name="downl" value="Download Baby" >' ; ?>
</form>
If i try to show file size with echo filesize($file) it gives this error :
Warning: filesize(): stat failed for http://localhost/project1/downloads...
Since php 5.0.0 the file command supports http wrappers but the http wrapper does not support stat commands like size. So you cannot get the file size in your case with size.
I'm have using Php, MongoDb and GridFs to store and retrieve files. It works fine for images, but I want to store files with docx, pdf, csv and etc. extensions. Here is my code:
$ext = $this->getFileExt($_FILES["news_attachment"]["name"]);
switch ($ext) {
case 'pdf':
$mimeType = 'application/pdf';
break;
case 'doc':
$mimeType = 'application/msword';
break;
case 'docx':
$mimeType = 'application/vnd.openxmlformats-officedocument.wordprocessingml.document';
break;
case 'xls':
$mimeType = 'application/vnd.ms-excel';
break;
case 'xlsx':
$mimeType = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';
break;
case 'ppt':
$mimeType = 'application/x-mspowerpoint';
break;
case 'pptx':
$mimeType = 'application/vnd.openxmlformats-officedocument.presentationml.presentation';
break;
case 'csv':
$mimeType = 'text/csv';
break;
case 'txt':
$mimeType = 'text/plain';
break;
default:
$mimeType='application/pdf';
}
$gridFs = $this->getGridFs();
$fileData = array(
"filename" => microtime(true) . "." . $ext,
"contentType" => $mimeType);
$_id = $gridFs->storeUpload("news_attachment", $fileData);
But I get the same error message Message: error setting up file: . I've checked the file size is 78kb, $fileData is ok also. So, my question is - What else can caused this error?
Would you not be supplying the same argument when trying to upload:
$gridFs->storeUpload($_FILES["news_attachment"]["name"],
or possibly
$gridFs->storeUpload($_FILES["news_attachment"]["tmp_name"],
I just need to add check for error if(!empty($_FILES["news_attachment"]) && $_FILES["news_attachment"]["error"] == 0){ save file}
I have this download script which works perfectly, but one the file is downloaded, I want the page to reload. But once the file is downloaded, the page just dies? It is supposed to be a secure download script so users can't see the paths of files. It's called by using a POST submission
<?php
session_start();
//Assign variables from session
$userid = $_SESSION["id"];
$email = $_SESSION['email'];
$password = $_SESSION['password'];
//Require database connection and functions
require('includes/config.php');
include('includes/functions.php');
//Check if user is logged in
if (!$userid || !$email || !$password)
{
header("Location: index.php");
}
// Usage: Download
// Path to downloadable files (will not be revealed to users so they will never know your file's real address)
$hiddenPath = "uploaded_notes/";
// VARIABLES
if (!empty($_POST['file'])){
$file_id = $_POST['file'];
$result = mysql_query("SELECT * FROM files WHERE id='$file_id'");
$row = mysql_fetch_array($result);
$file = $row['location'];
$price = $row['price'];
$result2 = mysql_query("SELECT coins FROM users WHERE id='$userid'");
$row2 = mysql_fetch_array($result2);
$coins = $row2['coins'];
$new_coins = $coins-$price;
if ($new_coins >= 0)
{
mysql_query("UPDATE users SET coins = $new_coins WHERE id='$id'");
}
else {
header("Location: dashboard.php");
die();
}
//Insert into purchases
$datetime = date("Y-m-d H:i:s");#
mysql_query("INSERT INTO purchases (userid, fileid, datetime) VALUES ('$userid', '$file_id', '$datetime')");
$file = str_replace('%20', ' ', $file);
$category = (!empty($_GET['category'])) ? $_GET['category'] . '/' : '';
} else {
header('Location: dashboard.php');
die('Hacking attempt reported.');
}
$file_real = $hiddenPath . $category . $file;
$ip = $_SERVER['REMOTE_ADDR'];
// If requested file exists
if (file_exists($file_real)){
// Get extension of requested file
$extension = strtolower(substr(strrchr($file, "."), 1));
// Determine correct MIME type
switch($extension){
case "asf": $type = "video/x-ms-asf"; break;
case "avi": $type = "video/x-msvideo"; break;
case "exe": $type = "application/octet-stream"; break;
case "mov": $type = "video/quicktime"; break;
case "mp3": $type = "audio/mpeg"; break;
case "mpg": $type = "video/mpeg"; break;
case "mpeg": $type = "video/mpeg"; break;
case "rar": $type = "encoding/x-compress"; break;
case "txt": $type = "text/plain"; break;
case "wav": $type = "audio/wav"; break;
case "wma": $type = "audio/x-ms-wma"; break;
case "wmv": $type = "video/x-ms-wmv"; break;
case "zip": $type = "application/x-zip-compressed"; break;
case "jpg": $type = "image/jpeg"; break;
default: $type = "application/force-download"; break;
}
// Fix IE bug [0]
$header_file = (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? preg_replace('/\./', '%2e', $file, substr_count($file, '.') - 1) : $file;
// Prepare headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public", false);
header("Content-Description: File Transfer");
header("Content-Type: " . $type);
header("Accept-Ranges: bytes");
header("Content-Disposition: attachment; filename=\"" . $header_file . "\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($file_real));
// Send file for download
if ($stream = fopen($file_real, 'rb')){
while(!feof($stream) && connection_status() == 0){
//reset time limit for big files
print(fread($stream,1024*8));
flush();
}
fclose($stream);
}
}else{
// Requested file does not exist (File not found)
echo("Requested file does not exist");
die();
}
?>
The refresh code works if I put it right before
print(fread($stream,1024*8));
But after that it does not work...
Downloading a file is a one time thing. You won't be able to redirect after the file is downloaded. You can try adding a refresh header before pumping out your contents, but some browsers will see that as a cancellation.
See this post for more information: https://stackoverflow.com/questions/5960895/redirect-after-download-not-working-php
You can read this post, this post, and this post for more information.
Basically, what they all boil down to is the HTTP headers. A redirect header cannot be sent after you have echoed content. On the other hand, a redirect header before echoing content will just cancel the download.
A different way you could do this would be to have a hidden iframe, and submit your request there, but I am guessing that isn't what you are wanting.