I'm currently attempting to find the source path to a file which I am downloading from it. I'm not sure how to explain, but I'm going to try my best.
I send a GET request to our server, it looks like: GET /en/download.php?pod_id=2138. From here the server proceeds to reply:
Set-Cookie: PHPSESSID=neatgv4m7a1pdorjqmoo76s151; path=/
Content-disposition: attachment; filename=2015-09-06-2.wav
Connection: close
Transfer-Encoding: chunked
Content-Type: Application/octet-stream
I captured this of course using WireShark. Next comes the full WAV file, but I'll spare us that.
I'm curious whether I can get the path to 2015-09-06-2.wav so that I might be able to download the file that way. Is this possible or will the server not permit me to do this?
Download.php will provide the file for security reasons. So if secured enough its not possible to directly access the file or folder directly. The direct access might be blocked using .htaccess or it might be placed where the public can't access directly or the file(blob) might be fetched directly on request from the database on request by the download.php
If its not protected from direct access the file is somewhere in the server in some folder. You could access if you find it. but there is no way to find it without a clue. browse through you might find.
Most likely direct access would be unavailable if its provided by the php file in that way.
In short: not possible:
The Downloads folder is a browser-specific location that only the user has control of. The file will download to the folder that is specified by the user.
Use readfile along with header to force a Save As... dialog to appear.
<?php
header('Content-disposition: attachment; filename=image.jpg');
header('Content-type: image/jpeg');
readfile('/server/path/to/image.jpg');
?>
Get the path of the downloads folder in PHP?
Related
I have a video file and I have commanded the server through htaccess to redirect when requesting the file url. However, I wonder if someone remote can use php functions such as file_get_contents to access the video file since I have only one server and I am not sure whether remote servers can access to it. In my own server I can access to it. Yet I don't want others to access the video file unless authenticated by php.
If you really do not want people to get that video why have it in public web folder? Just put it somewhere else and problem solved. What is the use case of this?
That said, if your redirect is working correctly, the file will not be served. file_get_contents() is still requesting the file from your webserver so it can't just magically ignore the redirect.
If you want to be able to download that file but prevent everyone else from doing it, put the file out of your www root and have a php script to retreive it. You can set up basic http authentication to prevent anyone accessing the php script.
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: Binary")
header("Content-disposition: attachment; filename=\"myvideo.avi\"");
echo file_get_contents("/directory/out/of/www/that/is/readable/by/www-data");
A url is the direct link towards a resource as per my knowledge. I have experience with Apache and PHP, and I know that using .htaccess file, one may set a default file (like index.php) for a location where no need to provide end file name.
But for file links, one need to provide a direct link, having filename and extension like somedomain.com/file.txt. But recently I found some links, especially download links, that dont have a url with filename and extension.
For example, i tried to grab direct .mp4 file url for this youtube video www.youtube.com/watch?v=W1- L58y2uf4 , of resolution 1080p HD. Then I got a url (using clipconverter.cc) like;
http://r9---sn-25g7sne7.c.youtube.com /videoplayback?source=youtube& ip=2001:41d0:8:1f2b:3a0e:6049:6b4f:92 e9&expire=1378905654& sparams=cp,id,ip,ipbits,itag,ratebypass,sou rce,upn,expire&ipbits=48& upn=BgsjQ8lS424& cp=U0hWTVlLU19KTkNONl9RRVdHOkZIZ0 diYTFXLWRJ&key=yt1& id=5b5f8be7ccb6b9fe&mt=1378881529& ratebypass=yes&itag=37&sver=3& mv=m&fexp=903309,919391,910207,91 4071,916612,924606,929117,929121,92 9906,929907,929922,929127,929129,92 9131,929930,936403,925726,936310,92 5720,925722,925718,925714,929917,90 6945,929933,920302,906842,913428,92 0605,919811,913563,919373,930803,90 8536,938701,931924,936308,909549,90 0816,912711,904494,904497,939903,90 0375,900382,934507,907231,936312,90 6001&ms=au& signature=1DDD3BB4A46816E27075ADF1 3C84B810AD1DF72D.C9B4290CE7F0806A 3174E65DE3920F3AFDB06833& title=Kilimanjaro+-+ROBOT+%282010%29 +%2AHD%2A+1080p+%2ABluRay%2A+ Music+Video
The browser downloads the file perfectly. How this works? Where is the filename and extension in this link?
Please repeat:
URLs !== files
URLs !== files
URLs !== files
When requesting a URL, your browser/HTTP client/whatever is sending an HTTP request to a web server, requesting the URL. The web server is free to respond to this request in any way it pleases. URLs have nothing at all to do with files on a hard disk. It's just a convenient default configuration that web servers look for files of the same name as the requested URL and serve those. But it could do anything else it wanted as well. It can start up a shell script which gets the requested URL passed as an argument, which in turn can output anything it wanted. The web server may be a Java application which processes the requested URL internally and responds with some content. The server could be anything and everything at all and it can respond by doing anything it wants to. A web server is just an application that listens on port 80 (or elsewhere) and answers incoming HTTP requests. The file system doesn't have to be involved at all.
You're probably calling a script which depending on your parameters finds the file you want and before sending it, it modifies the headers to make your browser treat the file as a video file (and download it) and not as a regular html document
header('Content-Description: File Transfer');
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Type: application/zip");
header("Content-Transfer-Encoding: binary");
On my server I have a directory with music files, generally in .mp3 format. I'm writing a web application to search for and play these tracks.
All the files are stored, with their absolute server path, artist, album and title info in a MySQL database.
What I want to do is have a PHP file that "outputs" an mp3 file on the server that would normally be inaccessible from the web. So, this is what I want to achieve:
client requests play.php?id=10
PHP gets absolute server path from MySQL database where ID = 10
PHP outputs the file (which would really be at e.g. '/home/user/files/no_web/mp3/Thing.mp3')
To the client, it looks like there is an mp3 file called http://myserver.com/play.php?id=10 and it starts to play.
I'm sure this sort of thing is possible, just not sure how. Thanks in advance :)
You need to send correct content-type header and then just output the file:
header('Content-type: audio/mpeg3');
readfile('filename.mp3');
For reading the file and sending it, you can use the readfile function.
For setting the mime-type, so the browser actually knows what type of file is sent by the webserver, use the header function like:
header('Content-Type: audio/mpeg');
Additionally, you may also want to set the Content-Length HTTP header.
header('Content-Length: ' . filesize($filepath) );
If all you're trying to do is let the user download the mp3, just use the readfile command which will read the mp3 file and pass it along to the client. However you need to make sure to set the mime-type correctly.
I'm developing a web service. With this service, user's will upload their .php files, and service will remove UTF8 BOM characters from php file. And then, There will be a link like this :
Download Your File
But when i click this link, browser browsing to this file. I don't want browse it, i want to download it. So , when user click this link, downloading will start.
Any ideas ?
(P.S. I don't want modify uploadedfile.php file, also i read 5 questions about this, but still i have problem.)
You need to supply this HTTP header:
Content-Disposition: attachment; filename=example.txt
You can usually specify this for entire directories at a time by configuring your web server appropriately. If you mention which web server you are using, somebody may be able to suggest how to do this.
The problem is that you're allowing people to upload PHP files on your server, then giving them a link to execute that PHP file. The web server is automatically treating those uploaded PHP files like any other PHP file, i.e. executing it, which opens you up to a massive security hole.
Whatever purpose your web service has, I'd suggest renaming the file on your server when it is uploaded (something 'random' is best, without an extension), then having a PHP script feed it back out with the appropriate headers set when it is requested.
The URL for such a script would look like:
http://www.example.com/get_uploaded_file.php?id=jgh3h8gjdj2389
It would link the value in id with the file on the server, and if you've saved the original filename somewhere (flat file, DB), you can serve it out using its original name, so long as you set the right HTTP headers.
Linking directly to the PHP file may end up executing it. One way is (like somebody above suggested) to rename it. Or, you can have a downloader.php which does below:
<?php
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 01 Jan 2000 01:00:00 GMT'); // some date in past
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename='.basename($filepath));
header('Content-Length: ' . filesize($filepath));
flush(); // or any other flush function/mechanism you use.
readfile($filepath);
and link it something like:
Download
This method will let you retain the .php extension. Also, if the PHP file is big and connection is slow, they progress-bar would be accurate (because you've flushed the content length upfront.
I have asked this question today already but this time I want to know if I can achieve this via PHP since Javascript wasn't up to it.
I have a link to a file on another server. If i provide this link to my users the headers are pushed out to download that file from that server.
Is there a way for me to capture those headers and file and redirect the download to the user? I would like to do this so that I can change the filename of the download since it is
always 'file.zip'.
Is this possible with PHP?
Thank you for any help.
You can download the file to your server using curl and serve it correctly(with a Content-Disposition header). As long as you are using HTTP, there's no way to send just the header and let another server stream the content directly to the client.
You could do this, and you can do it in several ways.
1) (simple) copy the file to your server, and rename it. Point your download links to this copy.
2) (harder) Create a stub php file, called , read the file from the remote server within php, and stream the content to the script output. This will need you to set appropriate headers, etc. as well as setting up your webserver to parse through PHP.
Seriously, I'd go with option 1. (assumes you have a legal right to serve the content, etc.)
Maybe you can use a script similar to the following one:
<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.example.com/the_path/file.zip");
header('Content-Disposition: attachment; filename="alternate_filename.zip"');
exit();
?>