I have a file download code using php and my code at download page is follows.
if (file_exists($strDownload)) {
//get the file content
$strFile = file_get_contents($strDownload);
//set the headers to force a download
header("Content-type: application/force-download");
header("Content-Disposition: attachment; filename=\"" . str_replace(" ", "_", $arrCheck['file_name']) . "\"");
//echo the file to the user
echo $strFile;
//update the DB to say this file has been downloaded
mysql_query("xxxxxxxx");
exit;
}
Where the function file_exists() passed with valid check and my $strDownload variable will be something like /home/public_html/uploads/myfile.zip which is located in server folder. But when I trying to download the file instead of downloading, the page displays the full encrypted source of the file. How can I make it downloadable?
EDIT: for the information, myself trying to use this bit of code inside the wordpress system and my file path will be something like http://example.com/wp-content/uploads/2016/02/myfile.zip. Also in the above mentioned code myself checking the file_exists() condition for the server path which is already mentioned above and it returns 1 as desired.
Try this
if (file_exists($file))
{
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
It is solved by using the above bit of codes at beginning of php page. Ie, before declaring the famous wordpress tag get_header();
If we use the above code after get_header(); tag of wordpress, it results in the opening of page first and hence it writes the source of the file in the page instead of downloading since the meta tags are already set.
Related
I have a form which the user fills out with their details & serial number, the software installer is then downloaded, named as their input. e.g. serial.exe
Once the form is submitted I check the file exists and then attempt the file download:
$directory = get_template_directory();
$file = $directory . '/filename.exe';
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$Serial.'.exe"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
This causes the loading to freeze, nothing below this code is loaded but i can't see any errors & no file is generated.
If i change the file to a .png the code works.
I've also copied the same code to a php page outside of wordpress, the same code runs & downloads the file as desired.
Is it possible that Wordpress is somehow blocking the readfile() request because its an .exe?
EDIT:
It appears to be a problem with the size of the file, rather than the type of file.
A small .exe file has worked & is downloaded correctly.
I'm currently using localhost to run my pages and currently I am trying to download the files my users have uploaded and stored in a folder called uploaded_files
this is the code for my download page which isn't working and I'm not quite sure what's wrong.
<?php
$file = $_GET['file'];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/force-download');
header("Content-Disposition: attachment; filename=\"" . basename($file) . "\";");
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($name));
ob_clean();
flush();
readfile("C:\xampp\htdocs\FYPproject\uploaded_files/".$file); //showing the path to the server where the file is to be download
exit;
} else {
echo "Download failed";
echo $file;
}
?>
file_exists() need to receive the path of the file, if the file name is "test" and it's in "uploaded_files/" so you need to check file_exists("uploaded_files/test"). You don't need to pass the whole path if your php is already in "FYPproject" folder. It's the same for downloading files, you don't need to pass the whole path for readfile().
You are passing a file path with backward slashes and forward slashes to readfile. Even if this is not the cause of your problem you should change it. Change it to this:
readfile("C:\xampp\htdocs\FYPproject\uploaded_files\".$file);
Not all browsers support application/force-download so in this case try replacing the above code with application/octet-stream and see if it works
I am handed over a PHP Code-igniter project by my Manager, and i have not a dependable experience in PHP. Im trying to download a newly created .csv file from server. But when i download it, it does not have the content of that file, instead it shows the header stript of my .html page where im doing the whole coding.
i am trying this using Force Downloading technique, mentioned all over internet.
$filename = $_SERVER['DOCUMENT_ROOT'] . '/apps/views/style/Default/files/'.'Attendance'.'_'.strtotime("now").'.csv';
$file = $filename;
if (is_file($file) == true) {
header('Content-Type: application/vnd.ms-excel');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header("Pragma: public", true);
header("Content-Transfer-Encoding: binary");
header('Content-Length: ' . filesize($file));
readfile($file);
}
This code runs on a button click, and the File does download, but it does not show the content, but when i manually download that same file directly from Cpanel server, it has content.
When i download it through this coding, it has the html scripts.
It is because you have the code inside a page, which already have html content displayed or in buffer to be displayed, you will have to implement your force download code inside a blank page or keep the code on top of page, so it give you download of the file content only.
header('Content-type: text/csv');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
readfile($file);
What I'm trying to do:
Im trying to push a jpg file to download witout user seeing the URL. In this case the file is located at: http://www.example.com/upload/asdasdsadpokdaspdso/36.jpg.
My current code:
header('Content-type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$download->name.'.jpg"');
readfile($weburl."/upload/".$hiddenpassage."/".$download->link);
My vars / db values:
$weburl = "http://wwww.example.com";
$hiddenpassage = "asdasdsadpokdaspdso";
$download->link = 36.jpg //not a var, just drom db.
$download->name = The First Test Product //not a var, just from db.
The problem:
When I get the download I open it and I get the following error:
The file “The First Test Product (28).jpg” could not be opened.
It may be damaged or use a file format that Preview doesn’t recognize.
Renaming .jpg to .txt:
http://pastebin.com/K9NGL5RP
Most of that is the content of the page I downloaded it from.
I think you need to specify the whole header (untested). Specially the Content-Length.:
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.$download->name.'.jpg');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($weburl."/upload/".$hiddenpassage."/".$download->link));
readfile($weburl."/upload/".$hiddenpassage."/".$download->link);
Hope this helps.
This one should be easy, I think. I have a paginated image gallery, and under each image is a small link that says "Download Comp". This should allow people to quickly download the .jpg file (with a PHP generated watermark) to their computer.
Now, I know I can just link straight to the .jpg file, but that requires the user to have the image open in a new window, right click, Save As..., etc. Instead, I want the "Download Comp" link to initiate the download of the file immediately.
PHP.net seemed to suggest using readfile(), so each "Download Comp" link is being echoed as "?download=true&g={$gallery}&i={$image}".
Then at the top of the page I catch to see if the $_GET['download'] var isset, and if so, I run the following code:
if(isset($_GET['download'])) {
$gallery = $_GET['g'];
$image = $_GET['i'];
$file = "../watermark.php?src={$gallery}/images/{$image}";
header('Content-Description: File Transfer');
header('Content-Type: application/jpeg');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: public');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
}
The link takes a lonnnnnnnnng time, and then it brings up a dialog prompt asking you to Open or Save the file, but once you Save and try to open it, it says the file is corrupt and can't be opened.
Any ideas?
Don't set $file to a relative url. The readfile function will try to access the php file on the server. That is not what you want. In your case it looks like the watermark.php file will send the contents you want, so you could possibly just set up the environment it needs and include it.
<?php
if(isset($_GET['download'])) {
$gallery = $_GET['g'];
$image = $_GET['i'];
$_GET['src'] = "{$gallery}/images/{$image}";
header('Content-Description: File Transfer');
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename='.basename($image));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: public');
header('Pragma: public');
ob_clean();
include('../watermark.php');
exit;
}
Another (simpler) way is to modify watermark.php. Add a query parameter to make it send the proper headers to force a download and link to that
...
watermark.php:
<?php
if (isset($_GET['download']) && $_GET['download'] == 'true') {
header('Content-Description: File Transfer');
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename='.basename($src));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: public');
header('Pragma: public');
}
// continue with the rest of the file as-is
Also, you don't need the call to flush(). There should not be any output to send at that point, so it is not necessary.
header('Content-Type: image/jpeg');
Perhaps?
I think you might need to follow the call to readfile() with a call to exit() to make sure nothing else gets written to the output buffer.
This seems like a security issue.
What if someone enters:
$g = '../../../../../../';
$i = '../../sensitive file at root';
How about making .htaccess (if you are using apache) i for the gallery directory serve jpegs up as a download rather than normal.
Also, try file_get_contents() instead of readfile(). I find it works under more circumstances. I would also recommend you use ob_flush() after you output the image data. I've never needed to use ob_clean() or flush() to get this kind of thing to work.
And as Eric said, you may also want to put a call to exit() in there as well for good measure if it still isn't working just in case you are getting some junk data stuck at the end.