How to resume a download when the request contains POST data? - php

I have a php file which generate a file to be downloaded using POST parameters. I already have everything working to resume file downloading (using Range header and everything related).
However, if I pause the download and then try to resume it, the browser does not send POST data in the request. This works fine using GET data instead but I'd like to keep using POST. How could I make this work ?
Notes:
The file is generated on the fly and sent to the browser (simply print'ed by php) using the right headers.
I cannot save the file somewhere and serve it. It has to be served on the fly.

*sorry for my bad english.
well, lets say that you have database to save the POST params.
then you need to create unique url for the download based on the params.
lets say that the download link is dowload.php <- you send the POST here.
now you need to save the params there, and lets says that you get the unique_id.
after that you redirect the page to the new page(with the unique_id param) that process the download, for example resume_download.php
example download url will be resume_download.php?req=[your_unique_id]
or you can use .htaccess to made the url more friendly
this is not guarantee the download will continue, but at least user don't need to re-enter the form.

Related

How to force CSV download when it reaches the client-side? (PHP)

I am trying to serve up a CSV file as the response to a get request.
If I go onto Dev tools -> Network I can see the CSV values in the response preview, and if I double click that it will download the file. However I can't seem to get it to download automatically.
I have messed around with every type of header I can think of.
Any ideas?
Yes, It seems you can't get file downloads from ajax requests (Thanks to Quentin for the linked answer in the comments), at least not easily anyway.
This is because there is a subtle separation between the user and the browser. Ajax is triggered by the browser so the file is returned to the browser not the user.
A form submit on the other hand is triggered by the user and so the file is returned to the user (automatically downloading).
So in order to fix this I changed to a form with a post method with hidden inputs and it now works a treat.
Thanks all.

How to use PHP page to read file outside doc root, but still disallow direct access to the file

I am not a PHP master at all, but I was a front-end web designer some years back. I created a page that plays MP3s using this audio player. I want to prevent users from downloading the MP3 files directly, so I put them outside of the document root and used this script to load the file using PHP. The problem is that anyone can enter the URL the script uses to call the file into a browser to download the MP3.
I tried placing a variable on the PHP page that is calling the MP3 and then telling the file calling script that if the variable doesn't match, then to redirect user back to the home page. So if user puts the URL the script uses to call the file into a browser they will just redirected back to the home page. The redirect works, but the PHP page with the actual variable present doesn't seem to work in allowing the PHP script to call the MP3 when the variable is present.
Is there a better way to go about this? I am very very novice with PHP.
You need some sort of user authentication.
For example, you can generate random tokens (something complex) for users (that have usernames or IDs) and make the users send their tokens and IDs with the request of the song.
Prior to your code that does the mp3 streaming, you check if the combination of the token and ID is a match and in fact it exists in the database. If so, you allow to proceed with the streaming/download of the mp3.

Can I read a local image with PHP, then post the image data as a multipart form request

As in title:
I'm playing with the picnik API and wondering if there is a way to programatically send picnik the image data as if the user uploaded the image themselves.
I'm looking at doing it this way because the site is a CMS and I can't pass picnik a URL to get the image as the site is behind a login.
So essentially:
PHP loads the image from the disk and then generates a page containing a form which has this image data loaded into it already. Clicking the submit button sends the request to picnik and they get the image.
Is this possible, or is there a better way?
Reference: http://www.picnik.com/info/api/tutorials/sending-images-in
If the image isn't stored at the server, you cannot do this. Because of the sandbox security-model. You can't read data from a client via javascript or php.
If I understood the problem correct, in other words it is as follows: users of your CMS behind the login can't send images directly to picnik, because if you store the image at your server, picnik can't read it due to access restrictions.
If that's correct, you can fake the image sending form, described in picnik's manual as Case #3: Sending image data with HTTP POST. All you need to do is to make a form with file input field. Then user submits the image to your CMS and instead of storing it on the server and sending the link to picnik, you can just use a curl post request to send the data to picnik right away.
For your user it will look like he posted the image to your CMS. For picnik it will look like the user submited the image to them.

page sends file to curl i want to get download link insted

there is a page that i need to post a password to it and then i get a file to download.
the post goes to the same page address its loads again and pop up the download manager (download starts automatically).
now i want to do the same but in curl, i posted the data to the url and then its sends me the file back but i don't want my script to download the whole file i want only to get a link to download it by myself.
how can i do that?
Actually, you most probably can't. Such password protected download system usually checks either cookies or browser / environment based variables. Getting the link itself shouldn't be problem, however you could not use it outside this generator's scope anyway.
firstly you need to post that password with curl assuming "on specific form. the form will take you to the downloading page" now you need to use regex (regular expressions).
filter the data you want then save it on other variable to re-use it.
There is for sure a redirection after you hit 1st page with POST. Look for that redirection with curl and read http response headers: Content-Location or Location or even Refresh
To prevent the automatic download you have to set the curl opt to not follow redirects. I can't remember the exact command but curl by default will follow auto refreshes and URL redirects, which happen in split seconds so humans don't actually see it happening.
I kinda don't understand what you really want to do, but if you just want a link then have the php script perform the entire curl post and everything when they click it. Doesn't matter what the web server will require a password before access to a file, you can't skip that step.

Read header files and do something before full photo upload happens

I am passing a GUID as a header and a photo as a body to a php file. The GUID is used to authenticate. If it's not valid, I want to end the call and I do this using
die("GUID was expired");
This works fine, but my issue is that the whole photo is uploading before that gets called. This is bad for the user. I want to read the header and have the upload wait until I do the validity check. Is this possible in php? So rather than uploading the photo, then getting a failed response, just upload the headers from objective c, if the Guid is valid, then upload the photo.
Thanks!
I don't believe that's possible in PHP; the browser will POST the image content body before PHP ever gets a say in the matter.
One (slightly complicated) solution to this problem would be to do a HEAD request with an XMLHttpRequest just before the form is submitted using JavaScript. If the request failed, you could display an error message to the user or redirect to a login page. Otherwise, let the form submit as usual. Of course, the GUID could expire between the HEAD request and the subsequent POST, so it's not completely fool-proof.

Categories