I have uploaded a file to the server and I would like to download the file. How should I do that .
This is the upload in the controller
{
$model = new Upload();
if ($model->load(Yii::$app->request->post()))
{
$filename = $model->_upload;
$model->_upload= UploadedFile::getInstance($model,'_upload');
$model->_upload->saveAs('uploads/'.$filename.'.'.$model->_upload->extension);
$model->_upload = 'uploads/'.$filename.'.'.$model->_upload->extension;
$model->save();
return $this->redirect(['view', 'id' => $model->id_uploads]);
return $this->redirect(['index']);
}
return $this->render('create', [
'model' => $model,
]);
}
Assuming your uploads folder is in the web directory or webroot, you can use the below function, just copy paste into your controller and then to download the file, type the url along with the filename in the query string like for instance if your controller name is FilesController then the url will be www.mydomain.com/files/download?filename=your_file_name
/**
* Downloads the file
*
* #param string $filename the name of the file to be downloaded
*
* #return mixed
*/
public function actionDownload($filename)
{
$filepath = \Yii::getalias('#webroot') . DIRECTORY_SEPARATOR
. 'uploads' . DIRECTORY_SEPARATOR . $filename;
return \Yii::$app->response->sendFile($filepath);
}
Pay Attention
It is the simplest way to do it you are saving the file name along with the path in the table which is wrong, you should just save the file name along with the extension like my_file.doc without path, and then to download the file just lookup the filename in the table using the file id rather than the filename or any kind of hash that you store along with the filename in the table
public function actionDownload($fileId)
{
$filename = Upload::findOne(['id_uploads'=>$fileId]);
$filepath = \Yii::getalias('#webroot') . DIRECTORY_SEPARATOR
. 'uploads' . DIRECTORY_SEPARATOR . $filename;
return \Yii::$app->response->sendFile($filepath);
}
Secondly you should follow naming conventions for the class properties, _upload for a public property looks odd as mostly private member variables are prefixed with an underscore. you should use some coding standards like phpcs
and what is with the 2 redirect statements inside the if condition
return $this->redirect(['view', 'id' => $model->id_uploads]);
return $this->redirect(['index']);
the second one is unreachable just remove it.
Related
In my Laravel 5.5 project I am having a problem in showing uploaded files. I uploaded the files using Storage. The part of store action of the controller is indicated below.
if ($request->hasFile('content_uz'))
{
$path = $request->file('content_uz')->store('/content/lesson'.$topic->lesson->id.'/topic'.$topic->id);
$data->content_uz = $path;
}
if ($request->hasFile('content_ru'))
{
$path = $request->file('content_ru')->store('/content/lesson'.$topic->lesson->id.'/topic'.$topic->id);
$data->content_ru = $path;
}
Uploading happened successfully. The path to uploaded 'content_uz' file is stored with "storage/app/content/lesson2/topic3" path and content_uz column is stored in my db as below:
content\lesson2\topic3\WSjrlG9a1ermGDOvRJTjn9iEIhfFvhVzjaOs6l79.mp4
How can I display the files in my Blade template? I searched the web, but with no result.
You can use method like this,
public function showFile() {
header("Content-type: video/mp4");
return Storage::get($filePath);
}
I hope this will help.
You may access the files of storage directory by two ways.
If your files are publicly accessible then you may follow laravel public disk.
If your files are protected or private then you may declare a route to access the files.
Route::get('content/{lesson}/{topic}/{file}', function($lesson, $topic, $file)
{
//Check access logic
$filePath = '/content/' . $lesson . '/' . $topic . '/' . $file;
return Storage::get($filePath);
});
I want to upload files with an unique random string as file name, then if I upload a file called file.txt that will be hashed like m84n3nv38tu48a, if I upload the same file again it won't be saved because the same file name with that hash exists.
Then download the file searching it by the original name, hashing again and compare to find out in the directory.
Something like this
public function storeFile(Request $request) {
$file = $request->file('file');
$filename = $file->getClientOriginalName();
$path = $file->move(storage_path()."\\app\\file", md5_file($file);
$response = [
"file Name" => $filename,
"Extension" => $file->getClientOriginalExtension(),
"Path" => storage_path().$path
];
return response()->json($response);
}
public function downloadFile($fileName) {
$fullpath = storage_path()."\\app\\file\\".md5_file($fileName);
$file = file_exists($fullpath);
if($file)
return response()->download($fullpath, $fileName);
return response()->json('File not Found', 404);
}
The md5_file method in downloadFile doesn't (obviously work) because $fileName is a string (not a file) then I get a different hash.
How could I resolve this?
EDIT
I want to replace the entire file name with a unique ID.
I need to store images in a backend for logged in users. The stored images need to be protected and not visible from the outside (public). I choosed a "storage" folder for this.
I came up with this in my Controller:
public function update(Request $request, $id)
{
//Show the image
echo '<img src="'.$_POST['img_val'].'" />';
//Get the base-64 string from data
$filteredData=substr($_POST['img_val'], strpos($_POST['img_val'], ",")+1);
//Decode the string
$unencodedData=base64_decode($filteredData);
//Save the image
$storagepath = storage_path('app/images/users/' . Auth::user()->id);
$imgoutput = file_put_contents($storagepath.'/flyer.png', $unencodedData);
return view('backend.flyers.index')->withImgoutput($imgoutput)
//->withStoragepath($storagepath);
}
after hitting the save button, which triggers the update() I am able to see the image in my view, and it is also stored in my folder (current users=10) "storage/app/images/users/10/flyer.png"
my question is how can I access the image path?
I want to show the stored image with img src="">. I have no idea what to put inside "src= ..."
While dealing with user file uploads in web applications, the major aspect is about user's content's security.
One should use secure way to upload private files of a user in web applications.
As in your case, you want to access user's image outside public folder.
This can be done in a most secure way as given below.
First of all create a directory right in the root directory of Laravel (where the public folder is located), let the directory's name be uploads. Use this directory to upload private user files.
In the case of images create an another directory inside uploads as uploads/images/ inside uploads directory so that you can have a different storage locations for different type of files.
Remember to upload the image in images directory with a different name and without their extensions so that it looks like a extension-less file.
Keep the file name and its extension in the database which can be used later to retain image's location.
Now you need to create a separate route to show user's image.
Route::get('users/{id}/profile_photo', 'PhotosController#showProfilePhoto')->name('users.showProfilePhoto');
PhotosController.php
class PhotosController extends Controller {
private $image_cache_expires = "Sat, 01 Jan 2050 00:00:00 GMT";
public function showProfilePhoto($id) {
$user = User::find($id);
$path = base_path() . '/uploads/images/';
if($user && $user->photo) // Column where user's photo name is stored in DB
{
$photo_path = $path . $user->photo; // eg: "file_name"
$photo_mime_type = $user->photo_mime_type; // eg: "image/jpeg"
$response = response()->make(File::get($photo_path));
$response->header("Content-Type", $photo_mime_type);
$response->header("Expires", $this->image_cache_expires);
return $response;
}
abort("404");
}
}
The method above inside PhotosController - showProfilePhoto($user_id) will run as soon as you access the route named - users.showProfilePhoto.
Your HTML code will look like this.
<img src="<?php echo route('users.showProfilePhoto', array('id' => $user->id)); ?>" alt="Alter Text Here">
The above code will work like a charm and the image will be shown to the user without declaring/publishing the proper image path to public.
According to me this is the secure way to deal with file uploads in web applications.
You can do this like this:
Route::get('images/{filename}', function ($filename)
{
$path = storage_path() . '/' . $filename;
if(!File::exists($path)) abort(404);
$file = File::get($path);
$type = File::mimeType($path);
$response = Response::make($file, 200);
$response->header("Content-Type", $type);
return $response;
});
Reference:
Laravel 5 - How to access image uploaded in storage within View?
Or Alternatively you can use this library: https://github.com/thephpleague/glide
Just use composer to install it in your project
By default, this will render images from your storage, and allow you to do all sorts of things with it such as cropping, color correction etc.
Reference:
http://glide.thephpleague.com/
https://laracasts.com/discuss/channels/laravel/laravel-5-how-can-we-access-image-from-storage?page=1
Atimes you might have some images you do not wish to store in public directory for some various reasons.
Although storing your images has lots of advantages.
There are many ways you can achieve this, however I have this simple solution.
You should create a helper class like so if already don't have one
<?php namespace App\Services;
class Helper
{
public function imageToBase64($path)
{
$type = pathinfo($path, PATHINFO_EXTENSION);
$data = file_get_contents($path);
return 'data:image/' . $type . ';base64,' . base64_encode($data);
}
}
Then in your view (blade)
#inject('helper', 'App\Services\Helper')
<img width="200" height="250" src="{{$helper->imageToBase64(storage_path('app/images/users/' . Auth::user()->id)}}">
It will work 100% work. Open file filesystem in app/config/filesystem.php and write like that
'profile' => [
'driver' => 'profile',
'root' => '/home/folder/public_html/projectname/public/profiles',
],
Add this file at top
use Illuminate\Support\Facades\Storage;
My variable name is
$directoryName = 'profile';
$imageName = $request->image; // image is array of base64 encoded urls
$directory_path ='profiles';
Below function save your file in public/profiles folder.
function UploadImagesByBase64($directoryName, $imageName,$directory_path)
{
$data = array();
$image = $imageName;
foreach ($image as $image_64) {
if($image_64 !=null){
$extension = explode('/', explode(':', substr($image_64, 0, strpos($image_64, ';')))[1])[1]; // .jpg .png .pdf
$replace = substr($image_64, 0, strpos($image_64, ',')+1);
// find substring fro replace here eg: data:image/png;base64,
$image = str_replace($replace, '', $image_64);
$image = str_replace(' ', '+', $image);
$imageName = Str::random(10).time().'.'.$extension;
Storage::disk($directoryName)->put($imageName, base64_decode($image));
$data[] = $directory_path.'/'.$imageName;
}
}
$imageName = implode(',', $data);
return $imageName;
}
in this case I want to safe upload pdf, doc, docx, ppt, pptx, xls, xlsx, rar, zip prevent from arbitrary file upload especially web shell or any evil script.
The problem is how I can validate file, is safe to upload? prevent from bypass like change mime type with tamper data, rename file with multiple extension, using ; and space in file name, lowercase and uppercase file extension and etc.
my controller code look like this
public function fileUpload(){
$ext = ['pdf', 'doc', 'ppt', 'xls', 'docx', 'pptx', 'xlsx', 'rar', 'zip'];
$data = Request::all();
$name = $data['file']->getClientOriginalName();
$rules = [
'file' => 'required'
];
$v = Validator::make($data, $rules);
if($v->passes()){
// Check safe file validation
// should here or something? and how to prevent bypass
// arbitrary file upload especially evil script.
$data['file']->move(public_path('assets/uploads'), $name);
return 'file uploaded';
}else{
return 'file upload failed';
}
}
I would suggest looking at Laravel Middleware for the validation. This will reduce the code in your controllers and allow them to be reused.
I personally change the name of any file upload to something random. I can always save the original file name somewhere in the system if needs be.
I would also look at using a htaccess command which prevents file execution from that folder.
Controller method below
Note: it uses App\Http\Requests\CreateUploadRequest;
public function store(CreateUploadRequest $request)
{
$file = Input::file('file');
$destinationPath = 'assets/uploads'; // upload path
$name = $file->getClientOriginalName(); // getting original name
$fileName = time().rand(11111, 99999) . '.' . $extension; // renaming image
$extension = $file->getClientOriginalExtension(); // getting fileextension
$file->save($destinationPath.'/'.$fileName); // uploading file to given path
}
Middleware
<?php namespace App\Http\Requests;
use App\Http\Requests\Request;
class CreateUploadRequest extends Request {
/**
* Get the validation rules that apply to the request.
*
* #return array
*/
public function rules()
{
return [
'file' => 'required_if:update,false|mimes:pdf,doc,ppt,xls,docx,pptx,xlsx,rar,zip|max:1000'
];
}
}
I think this idea was taken from a laracast video. I'll have a look around to see if i can find it.
I'm trying to display an image stored outside the 'public' folder in my view. These are simple profile images whose paths are stored in the DB. The path looks like
/Users/myuser/Documents/Sites/myapp/app/storage/tenants/user2/images/52d645738fb9d-128-Profile (Color) copy.jpg
Since the image is stored a DB column for each user, my first thought was to create an Accessor in the User model to return the image. I tried:
public function getProfileImage()
{
if(!empty($this->profile_image))
{
return readfile($this->profile_image);
}
return null;
}
That produced unreadable characters in the view. I also tried file_get_contents() in place of read file. Any suggestions about how this might be accomplished?
How about this (just tested it myself and it works):
The view:
<img src="/images/theImage.png">
Routes.php:
Route::get('images/{image}', function($image = null)
{
$path = storage_path().'/imageFolder/' . $image;
if (file_exists($path)) {
return Response::download($path);
}
});
Here is a slightly modified version of #Mattias answer. Assume the file is in the storage/app/avatars folder which is outside the web root.
<img src="/avatars/3">
Route::get('/avatars/{userId}', function($image = null)
{
$path = storage_path().'/app/avatars/' . $image.'.jpg';
if (file_exists($path)) {
return response()->file($path);
}
});
Probably needs and else. Also I have wrapped mine inside the middleware auth Route Group which means you have to be logged in to see (my requirements) but I could do with more control over when it is made visible, perhaps alter the middleware.
EDIT
Forgot to mention that this is for Laravel 5.3.
Here's what I came up with:
I'm trying to show the images in the view, not download. Here's what I came up with:
Note that these images are stored above the public folder, which is why we have to take extra steps to display the image in the view.
The view
{{ HTML::image($user->getProfileImage(), '', array('height' => '50px')) }}
The model
/**
* Get profile image
*
*
*
* #return string
*/
public function getProfileImage()
{
if(!empty($this->profile_image) && File::exists($this->profile_image))
{
$subdomain = subdomain();
// Get the filename from the full path
$filename = basename($this->profile_image);
return 'images/image.php?id='.$subdomain.'&imageid='.$filename;
}
return 'images/missing.png';
}
public/images/image.php
<?php
$tenantId = $_GET["id"];
$imageId = $_GET["imageid"];
$path = __DIR__.'/../../app/storage/tenants/' . $tenantId . '/images/profile/' . $imageId;
// Prepare content headers
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $path);
$length = filesize($path);
header ("content-type: $mime");
header ("content-length: $length");
// #TODO: Cache images generated from this php file
readfile($path);
exit;
?>
If somebody has a better way, please enlighten us!! I'm very interested.