I have a set of tar.gz files inside a folder protected against http access via .htaccess. I wish to allow direct curl downloading of these files via http. I have done this to things like images by setting the header information to something like:
$file='/some/file/protected/by/htaccess.png';
header("Content-type: image/png");
readfile($file);
My question:
Is there a way to provide direct access to these tar.gz files in a similar manner to the way I did it with images?
The reason I would like to do it in this way is that I would like to control access to which users can access these files by our site's login system.
Edit: as pointed out by Machavity, my code was pointing at a jpg, and had a png header.
For tar.gz
$filename = 'path/to/your/file.tar.gz';
header('Content-Type: application/x-compressed');
header("Cache-Control: no-store, no-cache");
header('Content-Disposition: attachment; filename="' . basename($filename) . '"');
header('Content-Length: ' . filesize($filename));
readfile($filename);
Related
I have a database on a web server, it has binary files stored in it, I need to download these files to the server directory, then change from bin to a PHP extension to capture data that appears in character blocks, I can do the whole process manually but I need to automate it, I don't know if it is possible to download files from the DB to the server's directory, or change its extension using PHP, I want to avoid discussions about the binary file, the focus is on these two questions if it is possible or not using PHP.
I know that there is this code to download from the server directory to the client, but I can't find a download from the DB to the server directory.
<?php
if(!empty($_GET['file'])){
$filename = basename($_GET['file']);
$filepath = 'downloads/' . $filename;
if(!empty($filename) && file_exists($filepath)){
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=$filename");
header("Content-Type: application/zip");
header("Content-Transfer-Emcoding: binary");
readfile($filepath);
exit;
}
else {
echo "This File Does not exist.";
}
}
I'm trying to create a simple download page, which currently works in Firefox but not entirely in Chrome and Edge. The file to download is an mp3, located in a private directory on the server.
When I download the file in Firefox it works as intended. If I download it using Chrome or Edge the file still downloads, but it doesn't recognize the file type and just saves it as an extensionless file. If I add the .mp3 extension manually to the downloaded file it's fine and I can play the track.
These are the headers:
header("Cache-Control: private");
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"$filename\"");
header("Content-Length: " . filesize($filePath));
//Force download
readfile($filePath);
Changing the 'Content-type' to 'audio/mpeg' also doesn't work.
can you try:
header("Content-Disposition: attachment; filename=\"$title\".mp3");
to see if the title does not contain the extension
My website is build in PHP and i integrated stripe payment. If user payment through stripe is successful then i need to open a PDF file which is hosted
on same server where code is running.
Below is the code i am using to open PDF file:
$file = 'test.pdf';
$filename = 'test.pdf';
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
header('Accept-Ranges: bytes');
#readfile($file);
I don't want test.pdf file to be accessible directly. So if i change permissions of test.pdf to 777 then code runs and opens PDF file but it also enable anyone to open file through direct link. If i change permissions so that access to this file is restricted to code files then it is not opening the pdf file. How can i achieve this so that PDF file can be opened after successful stripe payment but not through direct URL.
You can prevent the direct access of the file by a .htaccess (or vitual host configuration) with a 'Deny from all'. The 'readfile()' will work if the server user (www-data for example) has the read and execute rights on the pdf
I am having a problem with how to download the file into our desired folder, this below is my code for download.php
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($fileName));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header ("Cache-Control: must-revalidate");
header('Pragma: public');
ob_clean();
flush();
readfile($data);
echo $data;
exit;
I want to download the file to my desired folder like C:\Users\Asus or D:\Program not to the default one
$data is the content of the file and $filename already include the extension Ex:picture.jpg
Thx before for all the help that i can get :)
Henry
There is no way to tell the client where on the client's disk to save a file to.
You have no way of knowing (on the WWW at least) what directories exist
If the user doesn't pay attention to where something is being saved (because they expect it to be the default) then you could save the file somewhere they wouldn't want it (such as a Startup folder) which would be a security risk.
The download directory is usually handled by the browser, not by the server or PHP it's self :)
Hi i have a problem with making a safe upload folder in a project.
The thing is that we have a file upload that everyone should be able to upload files to, but only the site administrator the site should be able to view the files later.
Is it possible making a folder non readable, but accessible from a php page?
The server is a linux inviroment
There's actually several ways to do this.
Apache configuration (you may restrict access to certain directory by IP security, or HTTP authorization), see: allow,deny and apache authentification
Save files to directory which is not accessible via website and write your own php directory listing and file download, via readfile
Upload file to directory which will be accessible only via "secret" ftp/sftp.
The simple answer to this is to place the files in a directory outside your web root, and built a page to view the directory that requires an administrator auth to access.
If the files are outside your web root, they cannot be directly accessed with a /path/to/file.ext type URL.
In cases like this, I would locate the folder outside the document root, or restrict it's access via Apache directives.
Then, using the PHP and checking access credentials, output the file using readfile()
Here is an example from the manual
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
?>