My code was working and I don't see issues with it. I tested all the MySQL statements in SQL and everything is fine there.
Everytime it fetches the password variable now it only returns Bad Password as if m_Pass is empty.
Anyone see anything wrong with those statements I don't?
I am using this as a one time password file transfer tool that you have to specify the filename and the password for accessing it.
Then it checks the SQL Database that contains the following format:
id | m_File | m_Pass
0 | Test.txt | testpass
Any help would be appreciated.
Index.php:
<?php
echo <<<EOF
<form method="post" action="Index.php">
File:<input type="text" name="txtFilename"><br>
Password:<input type="text" name="txtPassword">
<input type="submit" value="Download" name="submit">
</form>
EOF;
function doProcess()
{
$servername = "localhost";
$username = "<username>";
$password = "<Password>";
$dbname = "<dbname>";
$filename = $_POST["txtFilename"];
$pass = $_POST["txtPassword"];
echo $filename . "<br>";
if ($filename = ""){
return;
}
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully" . "<br>";
$sql = "SELECT id, m_Pass FROM Main WHERE m_File = '$filename'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$m_id = $row["id"];
echo $m_id . "<br>";
if ($row["m_Pass"] == $pass){
echo "Downloading.<br>";
//Download File
$filename = utf8_decode("<Path>" . $filename);
if (file_exists($filename)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($filename));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filename));
ob_clean();
flush();
readfile($filename);
$sql = "delete from Main where id = '$m_id'";
$result = mysqli_query($conn, $sql);
}
} else {
echo $pass . " | '" . $row["m_Pass"] . "'<br>";
echo "Bad Password.<br>";
}
echo "Done.<br>";
// Close connection
$conn->close();
}
if(isset($_POST['submit']))
{
doProcess();
}
?>
Got it... Turns out the SQL query command wasnt appending the $filename because of the block:
if ($filename = ""){
return;
}
And I see why... I am assigning the value not comparing lol.
Related
i have blob images that are stored in the database I want to download it to my device.
the image will be download (as ***.jpg) but it is corrupted .
this is my download.php code
<?php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "text_blob1";
$con= new mysqli($servername, $dbusername, $dbpassword, $dbname);
$id=$_GET["id"];
$sql = "select * from table1 where id=$id "; // 1
$res = $con->query($sql);
while($row = $res->fetch_assoc())
{
$name = $row['name'];
echo "<br>";
$size = $row['size'];
echo "<br>";
$type = $row['extension'];
echo "<br>";
$image = $row['image'];
}
header("Content-type: ".$type);
header('Content-Disposition: attachment; filename="'.$name.'"');
header("Content-Transfer-Encoding: binary");
header('Expires: 0');
header('Pragma: no-cache');
header("Content-Length: ".$size);
echo $image;
exit($image);
?>
thanx <3
Everything you output to the page is considered a file contents. I suppose you don't want "<br>" to be in the contents of your file.
Second point - do not do any output before setting headers.
Third point - exit('string') outputs 'string', so you output content of your file twice: with echo and with exit.
So, your code should look like:
$id=$_GET["id"];
$sql = "select * from table1 where id=$id "; // 1
$res = $con->query($sql);
while($row = $res->fetch_assoc())
{
$name = $row['name'];
$size = $row['size'];
$type = $row['extension'];
$image = $row['image'];
}
header("Content-type: ".$type);
header('Content-Disposition: attachment; filename="'.$name.'"');
header("Content-Transfer-Encoding: binary");
header('Expires: 0');
header('Pragma: no-cache');
header("Content-Length: ".$size);
echo $image;
exit();
I am getting an error to fetch the pdf file from the database.Below mentioned is my code,please review my code and give me your valuable suggestion.And it's showing output as failed to open the document.Please help me.
<?php
$server = 'localhost';
$user = 'root';
$pass = '';
$db = 'upload';
// Connect to Database
$connection = mysql_connect($server, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ());
mysql_select_db($db) or die ("Could not connect to database ... \n" . mysql_error ());
$id = intval($_GET['id']);
$file= 'SELECT `name`,`size`, `created`,`data` FROM `upload`';
$result = mysql_query($file);
if($d = mysql_fetch_array($result))
{
$file = $d['name'];
header('Content-type: application/pdf');
header("Content-Disposition: inline; name=".$row['name']);
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . size($file));
header('Accept-Ranges: bytes');
header("Location: $file");
#readfile($file);
}
else{
echo'No file with the specified ID exists';
}
?>
One issue that I see is the single "=" in your if statement. '=' is for assignment and '==' is for comparison.
Try changing
if($d = mysql_fetch_array($result))
to
if($d == mysql_fetch_array($result))
EDIT: However, I don't think that will quite work either. I would try
$d = mysql_fetch_array($result);
if ($d === true)
if($result) {
// Make sure the result is valid
if($result->num_rows == 1) {
$row = mysqli_fetch_assoc($result);
header('Content-type: application/pdf');
header("Content-Disposition: inline; name=".$row['name']);
header('Content-Transfer-Encoding: binary');
header("Content-Length: ". $row['size']);
header('Accept-Ranges: bytes');
// Print data
#readfile($row['data']);
echo $row['data'];
}
else {
echo 'Error! No image exists with that ID.';
}
I have a MySQL database where I have a table call for example "ALL" can contain a blob files.
In the table i have stored the: size of the file, the type, the name and the content.
The problem come when i try download the blob file.
This is my script:
<?php
$connection = mysqli_connect("localhost","user","password",dbname)
or die('Database Connection Failed');
mysqli_set_charset($connection,'utf-8');
$query = "SELECT * " ."FROM ALL WHERE id = '25'";
$result = mysqli_query($connection,$query)
or die('Error, query failed');
list($id, $user_made, $title, $category, $sub_category, $text, $type, $date, $time, $namefile1, $typefile1, $sizefile1, $contentfile1, $namefile2, $typefile2, $sizefile2, $contentfile2, $namefile3, $typefile3, $sizefile3, $contentfile3) = mysqli_fetch_array($result);
echo $id . $namefile1 . $typefile1 . $sizefile1;
header('Content-Length: '.$sizefile1);
header('Content-Type: '.$typefile1);
header('Content-Disposition: attachment; filename="'.$namefile1.'"');
header('Content-Transfer-Encoding: binary');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
ob_clean();
flush();
// echo $contentfile1;
mysqli_close($connection);
exit;
?>
But the page output only the echo of "$contentfile1" and "$id . $namefile1 . $typefile1 . $sizefile1".
Everyone can help me?
Thanks
Add this code before ob_clean.
$context = stream_context_create();
$file = fopen($filename, 'rb', FALSE, $context);
while(!feof($file))
{
echo stream_get_contents($file, max_bytes_to_read);
}
fclose($file);
You can get more information about stream_get_contents at http://php.net/manual/en/function.stream-get-contents.php
I want to download pdf files or any other file but my main motive is to download pdf files. Is it possible instead of download we can see the pdf files on browser when user submit a query.
There is my upload code this works fine`
<!DOCTYPE html>
<html>
<body>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
</body>
</html>
<?php
$uploadDir = 'C:\wamp\www\images\passport images';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "db_dat";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$query = "INSERT INTO upload2 (name, size, type, path ) VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";
mysqli_query($conn,$query) or die('Error, query failed : ' . mysql_error());
echo "<br>Files uploaded<br>";
}
?>
**Now problem in download code**. Actually I want user submit a query in text box acc. to that text as well as it's image which is scanned So in pdf format shows to him
<?php
if(isset($_GET['id']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "db_dat";
$conn = mysqli_connect($servername, $username, $password, $dbname);
$id = $_GET['id'];
$query = "SELECT name, type, size, path FROM upload2 WHERE id = '1'";
$result = mysqli_query($conn,$query) or die('Error, query failed');
list($name, $type, $size, $filePath) = mysqli_fetch_array($result);
header("Content-Disposition: attachment; filename='".$name."'");
header("Content-length: $size");
header("Content-type: $type");
echo "<a href=" . $uploadDir .($row['userfile']) . ">
{$row['userfile']}</a>";
exit;
}
?>
`
here is my download function that you can use to download any file.
function dawnload_file($path) {
if (file_exists($path) && is_file($path)) {
// file exist
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($path));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($path));
set_time_limit(0);
#readfile($path);//"#" is an error control operator to suppress errors
} else {
// file doesn't exist
die('Error: The file ' . basename($path) . ' does not exist!');
}
}
and here is my function for opening pdf files in the browser online.
function read_pdf_online($path){
if (file_exists($path) && is_file($path)){
// file exist
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: application/pdf");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));
#readfile( $path );
else {
// file doesn't exist
die('File Not Found: ' . basename($path));
}
}
Your headers tell the browser that file data will follow:
header("Content-Disposition: attachment; filename='".$name."'");
[…]
But instead of the file data you just output a link:
echo "{$row['userfile']}";
This will result in error. You have two options to fix it. Either output the link without misleading headers. When user clicks the link server will send the file to the browser. If the mime type is known to the server it will set the headers for you.
Alternatively send file data instead of link after your headers (you can read and output your file data with readfile command):
header("Content-Disposition: attachment; filename='".$name."'");
header("Content-length: $size");
header("Content-type: $type");
readfile($uploadDir . $row['userfile']);
How can I remove the file from the user if the file was successfully downloaded? I have here a download function but I don't know how to do a one time download.
HTML codes with PHP:
<?php
$result=mysql_query("SELECT * FROM school_management");
while($row=mysql_fetch_array($result))
{
?>
<div class="col-xs-6 col-md-3" style="padding-bottom: 10px;">
<div class="thumbnail">
<img src="images/ebooks/<?php echo $row['PICTURE'];?>" alt="...">
</div>
<p><center>Download</center></p>
</div>
<?php
}
?>
file.php
<?php
include('config.php');
$file=$_GET['file'];
echo $file;
header("Content-disposition: attachment; filename=$file");
header("Content-type: application/pdf");
header('Content-Description: File Transfer');
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
readfile("$file");
?>
My file.php can only download the file with letters in title but if the file has symbols or numbers in the title, I can't download the file. So I changed all the pdf titles for me to be able to download it. Any suggestions to make my file.php download correctly and if the user downloads the file successfully, the file will be deleted from the user's database.
Database Name: caledte1_ebook
Table Name: school_management
Table Columns: ID_NUMBER, EBOOK_FILENAME, PICTURE
Just make a database call in file.php. You probably also want to validate that the file exists before delivering it.
$filename = mysql_real_escape_string($_GET['file']);
$result = mysql_query("SELECT id_number FROM school_management WHERE ebook_filename = '$filename'");
if(mysql_num_rows($result) == 0) {
// Perform error handling
}
mysql_query("DELETE FROM school_management WHERE ebook_filename = '$filename'");
New PHP / HTML File:
<?php
$dbhost = ""; //Enter db host here
$dbuser = ""; //Enter db user here
$dbpass = ""; //Enter db pass here
$dbname = ""; //Enter db name here
$db = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
/* check connection */
if ($db->connect_errno) {
printf("Connect failed: %s\n", $db->connect_error);
exit();
}
$sql = "SELECT * FROM school_management";
if ($result = $db->query($sql)){
while ($row = $result->fetch_assoc()){ ?>
<div class="col-xs-6 col-md-3" style="padding-bottom: 10px;">
<div class="thumbnail">
<img src="images/ebooks/<?php echo $row['PICTURE'];?>" alt="...">
</div>
<p>
<center>
Download
</center>
</p>
</div>
<? }
$result->free();
} else {
printf("Error: %s\n", $db->error);
}
$db->close();
?>
File.php:
<?php
$dbhost = ""; //Enter db host here
$dbuser = ""; //Enter db user here
$dbpass = ""; //Enter db pass here
$dbname = ""; //Enter db name here
$db = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
/* check connection */
if ($db->connect_errno) {
printf("Connect failed: %s\n", $db->connect_error);
exit();
}
$file = $_GET['file'];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename='.basename($file));
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
$file = $db->real_escape_string($file);
$sql = "DELETE FROM school_management WHERE ebook_filename = '". $file ."'";
if ($succes = $db->query($sql)){
//Succesfull deleted code handle here
} else {
printf("Error: %s\n", $db->error);
}
$db->close();
}
?>
Ofcourse you could take the mysqli() connection parts out of these and use a seperate file for that.