I on a system where site owners can load securely pdf documents into a document bank based on their category, ei: meeting related documents, ebooks, reports, etc. The system loads them into a directory based on the category in which they were assigned at the time of the upload. This means not all pdf documents will be in the same sub-directory as each category has its own sub-directory in which it stores its files. When the site owner, from the frontend, views a list of all the documents in that category and clicks on the document, currently it opens a modal that allows them to view the file data and download the file; but it doesn't allow them to view the pdf file prior to downloading or simply to print instead of downloading. What I am trying to do is write a php code that will dynamically pull the correct pdf and display it in an iframe on the corresponding download page for the owners to view. These are the various ways I've attempted this, each one failed.
MODIFIED Version 1.0 failed:
<?php
$file = 'docstation/$parent_type/$parent_id'/$id;
$filename = '$file_name'; /* Note: Always use .pdf at the end. */
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $file_name . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
header('Accept-Ranges: bytes');
#readfile($file);
?>
EXPLANATION: The real path is docstation/com_docstation/97/...
1-> 'docstation' being a directory that sits on the root of their site
2-> '$parent_type' = 'com_docstation' referenced in the sql table as the method of upload (another method is via an attachment to an article, so i'd need this to be dynamic too)
3-> 'parent_id' = '97' the id of the category which would also equal the name of the sub_directory the file is actually stored in, aka '97'
4-> 'id' = being the id of the document
I thought fore sure this would work but it didn't
MODIFIED Version 1.1 failed:
<?php
echo "<iframe src=\"http://docs.google.com/gview?url=docstation/$parent_type/$parent_id'/$id\" width=\"100%\" style=\"height:100%\"></iframe>";
?>
This didn't either. I'm open to suggestions. All I know is that I can't put a real path in there because the path will vary from one document to another based on the method of upload and the category assigned.
Anyone got any suggestions?
Dorothy
Related
We have had a site for many years, PHP on Ubuntu where clients can download forms/letters as pdfs, then upload them when completed.
Now when re-downloading client's uploaded multi-page pdf, the first (cover) page is blank and Adobe acrobat says "error exists on page...". When we ftp the document, the file is fine with no errors, so the problem has to be in the file download / readfile() process.
This error occurs in both Chrome & Firefox (all updated). If you just view the pdf in the browser, the cover page appears to be fine and readable, however, if you download it you get the same adobe error and blank first page. I am at a loss for how to diagnose this.
Below is the PHP code we use to pull the file.
Please note, for security reasons we do not allow linking directly to any files. The link is to a php page that validates an encoded file request for permission to read a file, then pulls the correct file info from the database for that user, then reads the file and serves it back to the client. I have not included the validation or database related code, just the relevant readfile code:
header("Content-Length: " . filesize('/filestore/' . $doc['filename']));
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="' . $docname . '.' . strtolower(end(explode('.', $doc['filename']))) . '"');
header("Pragma: private");
readfile('/filestore/' . $doc['filename']);
Additional info based on questions in comments:
To prevent direct linking and brute force scraping of documents, the file store is not in a public folder (so no direct linking).
User links look something like this My File with the id encoded with the file info and CSRF token plus session token checks as part of the validation. The download.php file validates the user and file to make sure they have permission to the document then calls the code above to obtain and "serve" the file to the browser.
$docname is the client's original filename for the file stored in the database. We save files with our own generated file name to prevent naming conflicts when clients use the same file name, this is stored in the DB as $doc['filename']. We restore the client's filename when downloading.
I have a web page in which user was given certain input methods to fetch data from database. data will be displayed on web page.
I want to store data that user fetched data from my s-q-l database into an excel file.
command i'm using is given below
$excelquery1="SELECT * FROM excel12 INTO OUTFILE 'D:/Downloads/xyz.csv'";
$excelresult1=mysql_query($excelquery1);
it is running ok and data being fetched will be stored in a new file created in Downloads folder with a name xyz.csv
but user have to go manually to that location to check file.
how is it possible that user must be shown downloaded file in the download bar. + I also want to ask that if the xyz.csv is already present in the location when the query execute so in that scenario this query won't get execute saying file already present. so how to tackle this problem ?
how to give unique file name to the file that will be created..
This is the main idea. You need to adequate the code to your need
$file="/path/to/file".date("YmdHis").".csv"; //file location
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Content-Length: ' . filesize($file));
readfile($file);
In my application, there are some PDF files that users upload to server. These are private files and they cannot have global visibility.
I'm trying to upload these files to a protected directory (/protected/uploads, for example). The users must be able to view these files, but they must not be visible by the client browser.
Something like an "internal view" of my application.
How can I do that?
If I use the "assets" directory the files will be global visible, right?
Thanks!
You need to send the right header and perform a readfile such as:
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="yourPDF.pdf"');
header('Content-Length: ' . filesize($filename));
readfile($filename);
This will open the file in the browser as you requested and will prevent the user to grab it directly.
What you are after is a method on the request component, sendFile. It's briefly described here: http://www.yiiframework.com/doc/api/1.1/CHttpRequest#redirect-detail
Usage would be:
Yii::app()->request->sendFile($filename, $content);
$filename will be what you want the file users download to be called
Let's say the user upload a zip file called codeigniter.zip. And my application saved it with name 1.zip that is the file's id in database table. Also it saved file's original name to the table. If the user download this file he download it by name 1.zip. How can i give this file to the user with name codeigniter.zip? Thank you.
You could do something like this:
$actual_filename = '1.zip'; // I assume this will come from some model's method
$desired_filename = 'codeigniter.zip' // same is assumed here
header('Content-Disposition: attachment; filename=' . $desired_filename);
echo file_get_contents('/path/to/' . $actual_filename);
Content-Disposition: attachment should make the browser prompt the user to download the file, and filename= tells the browser what to call the file [by default].
i am using PHP to connect to a MySQL Database and customers can login to my website and it lists rows form a table based on their login etc.
I need to be able to display a link to a file name in the database but i don't want users to be able to see the link to the file.
for example, they can download file 1234.pdf and if they can view the actual link, they might think of going to the same location but doing file 5678.pdf which is only meant for another user to download.
so basically i want to hide the link in a long string or something but i'm not sure where to start - any ideas?
Thanks
EDIT:
lets say Customer A logs in, they can view rows from table1
TABLE1
customer file_link
A 1234.pdf
A 5678.pdf
B 8765.pdf
B 4321.pdf
so, i dont want customer A to be able to view the links for customer B.
i mean, if customer A hovers over a link and can see the main file path they can type this in their web browser and then change the file name (guess it) to something else and download another customers file(s)
if you're planning on not letting others see the file links then you probably wouldn't want search engines to see them as well. A typical way of forbidding users from trying out such stuff is to have a specific page that flushes the file instead of linking directly to the file. E.g.,
Download
then in download.php you could check user permissions and make the browser download the file.
<?php
$file = 'file1234.pdf';
$file_url = 'http://www.test.com/files/' . $file;
header('Content-Type: application/octet-stream');
header('Content-Transfer-Encoding: Binary');
header('Content-disposition: attachment; filename="' . $file_url . '"');
readfile($file_url);
die();
?>
I think this is what you'll need.