I have a file with no extension on it, but I know it's a tiff. I want to be able to download this file via PHP.
I created a page with a link to another php page, which has the following content:
<?php
$imgPath = 'http://server/23700-b074137f-eb5c-45d6-87c2-13c96812345b';
header("Content-disposition: attachment; filename=invoice.tiff");
header("Content-type: image/tiff");
readfile($imgPath);
?>
When I click the link, I get a prompt to download invoice.tiff, but it's 0 bytes.
However, if I rename the file on the server to 23700-b074137f-eb5c-45d6-87c2-13c96812345b.tiff (and change the $imgPath), it works.
How do I accomplish this without renaming the file to include the extension?
It's possible the 'tiff' extension is registered as a known file type on the server, so when you rename and request the tiff it's permissions will allow you to open it. However, with no extension, the security is probably stopping you from reading it, as mentioned by 'Mike B' above. To check this try just entering the file name in your browser address bar and see if it opens, both with and without the 'tiff' extension. There is no workaround for getting past the security issue, short of changing the severs security which would be very bad.
You are retrieving the file from a URL, therefore activating the 'fopen wrappers' in readfile. In general, you should not do this, especially when working locally since it invokes a lot of unnecessary overhead and (in this case) unwanted 'magic' behaviour.
Just use readfile on the local path to the file, and it'll be fine, or use die(file_get_contents($imgPath)) instead of the last line to circumvent PHP's native behaviour.
It works for me:
$imgPath = 'http://server/23700-b074137f-eb5c-45d6-87c2-13c96812345b';
$f = fopen($imgPath, "r");
header("Content-disposition: attachment; filename=invoice.tiff");
header("Content-type: image/tiff");
fpassthru($f);
You should also add the content-length header like so:
// untested code
header('Content-Length: '.strlen(stream_get_contents($imgPath)));
Related
I need to get a remote file and give it to user without saving it to my server disk (for hiding original URL) and found a lot of posts about download external files with various functions like file_get_contents or readfile. Already I'm using this one:
function startDownload($url){
if($this->url_exists($url))
{
//get filename from url
$name=$this->getFileName($url);
//first flush clear almost output
ob_end_flush();
//final clear
ob_clean();
//set headers
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"" . $name . "\"");
//send file to client;
readfile($url);
//exit command is important
exit;
}
else JFactory::getApplication()->enqueueMessage(JText::_('URL_NOT_FOUND'), 'error');
}
And that's working but there is a problem! For a file with 200 MB size it takes ~ 10 seconds to start download in client browser. I think it's because readfile first downloads whole file to my server buffer and then give it to user. Is that right?
And is it possible to make it faster? for example download be started before fetch ended or it isn't possible technically?
In fact I don't know that this method is optimised or not. Any technical advice would be appreciated.
Note :
I know that this function should be changed for big files and that's not my concern now.
I consider to buy the external server in the same datacenter to make this download faster.
Target is that [File server] be separate than the file [online shop].
I tested curl method that mentioned by #LawrenceCherone. It worked nicely but when moved it to my project the result was the same as readfile (white screen for a few seconds).
So suspect to readfile() function. Separate my previous code to a single PHP file and result was amazing! Download starts immediately.
So I think my guess wasn't right and problem was not related to readfile function.
After a little search found a minor modification. I added below line :
while (ob_get_level()) ob_end_clean();
before the :
readfile($url);
And now download starts before whole file fetched in my server.
First post. I'm working on a project for a client where they have pdf files uploaded to a file structure (LAMP Stack) but the files have no extensions on them. Under the assumption that those files have to be PDF how would I get the browsers to understand that, and open them accordingly? Obviously with adding the file extensions this would suddenly work but I can't change the way their system works, it would result in too many changes and they are on a tight deadline. As for saving a temporary copy somewhere, I could do that, but I was hoping for a better solution. Is there a way to suggest to the browsers that they open a file a certain way?
Any thoughts guys/gals?
You just set the application type and file name in the headers, like so:
// This points to the file in question, note that it doesn't
// care whether it has an extension on the name or not.
$filePathOnDisk = '/path/to/your/pdffile';
// You can make this whatever you like, it doesn't have to
// be the same as the file name on the disk! This is the name of the file your end
// user will see when they are asked if they want to save. open, etc in the browser.
$fileName = 'file.pdf';
$data = file_get_contents($filePathOnDisk);
header("Content-type: application/pdf");
header("Content-disposition: attachment;filename=$fileName");
echo $data;
See PHP: stream remote pdf to client browser and Proper MIME media type for PDF files for reference as well.
Tested
You can use the following which will prompt the user to save the (PDF) file on their computer.
Notice the different file names.
One is the file that will be uploaded/prompted to the user download_example.pdf, while the other is the file without an extension as set in readfile('example');
<?php
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="download_example.pdf"');
readfile('example');
?>
This seems like it should be simple. I have a set of files I have to store outside of the webroot and have an access script to call them. I also need to sometimes tell a PDF that must be called via this proxy script to open at a specific page. Releveant part of the script below:
header('Content-type: application/pdf');
header('Content-Length: ' . filesize($file));
header('Content-Disposition: attachment; filename="'.$file_name.'"');
readfile($file);
$file_name is just the basename() of the file, and $file is the path to the file, with #page=2, or #page=10, or whatever appended to it. If I remove the hashtag portion, the script works fine and the PDF opens with no errors. When the hashtag portion is there, all the programs tell me the PDF has been corrupted and can't be open.
I can't seem to find anything on here or Google as to what I need to do. Do I need to set an additional header to simulate the hash tag? Use exec() to call some command line code instead of using readfile()?
Any insight would be greatly appreciated.
You have to append the #page=2 (or whatever page you want to open) to the URL in the browser, not the filename in the proxy-script.
You currently try to open a file myFile.pdf#page=2 from the filesystem that does not exist as the filename is myFile.pdf
The feature to open a pdf-file on a specific page on the other hand is implemented in the browser or it's PDF-plugin. Therefore the information which page to open has to be given to the browser via the URL. So you should call your proxyscript like this: http://example.com/proxy.php?myFile.php#page=2
Update:
If you want to download the file and open it at a specific page every time the file is opened from the local file-system of the user, you will have to edit (or recreate) the PDF-File.
My site uses bookmarklets to gather data from external sites, kinda like Pinterest. I'm concerned about security and want to move the images the bookmarklet gathers from the doc root up one level. My script has some hefty security checks in place, but I want to add this as a last line of defense.
How do I access my images within my script? Obviously using ../userimages/id/image.jpg wont work. I'm using Apache.
Thanks!
Proxy the image
You would use a proxy script to feed the images through like the following example:
// open the file in a binary mode
$name = '../userimages/id/image.jpg';
$fp = fopen($name, 'rb');
// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));
// you may like to set some cache headers here
// dump the picture and stop the script
fpassthru($fp);
exit;
This example is from the PHP manuals fpassthru() page. You would save this script somewhere in your servers document root/httpdocs folder.
"Spoofing" the URL to the image
The easiest way to give the PHP file the appearance of being an image file to a user/browser is to use Apaches mod_rewrite. Usually I use a URL structure something like this:
http://www.example.org/image-id/image.png
Where image-id is the unique identifier for that particular image. This way the file has the correct extensions of an image instead of .php.
I am trying to send files by using X-Sendfile directive in lighttpd.
My php code is;
header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=" . 's.php');
header("Content-Length: ". filesize("/home/web/domain/htdocs/download.php"));
header( "X-Sendfile: /home/web/domain/htdocs/download.php");
(I am sending download.php file just for testing purpose)
However, I get blank file no matter what I try. If I change the filename, I get;
2010-08-30 18:01:14: (mod_fastcgi.c.2587) send-file error: couldn't get stat_cache entry for: /home/web/domain/htdocs/downloa1d.php
So, it is working, but when I send the correct file it does not give any error in the logs and the browser downloads an empty file.
What could be wrong? What should I do?
It is likely that you don't have the right line in your lighttpd.conf file.
Add this in your fastcgi.server between the options with => arrows:
"allow-x-send-file" => "enable",
All but the last option end with commas.
I assume that you have your fastcgi already configured. If you are using a different framework for connecting PHP to your server, I can't help you.
If you have more than one PHP worker process, you must add that option to all of them.
I should add that .php files are small in size and outputting them with readfile() won't make a dent.
And, as I see it, you are using some non-critical headers wrongly. There is no such thing as force-download, it will just behave like an unknown file type. Use application/octet-stream. And your Content-Disposition is also shaky. Not only in that weird string enclosing. What the client should get is:
Content-Disposition: attachment; filename="My file ♥.txt"
The file name is surrounded by double quotes and it is NOT escaped; instead, it is either in UTF-8 or in the encoding of the calling page (this is a dirty grey area where every browser acts differently). You don't even have to include the file name to be on the safe side if you are satisfied with the downloading path. Then, it will look like this:
Content-Disposition: attachment
You can then use a pseudo-directory trick to supply a less buggy file name:
www.example.com/download.php/Custom%20Name.txt
This will work more reliably than that filename= parameter, but takes more planning in the link system. It may require you to do some redirecting.
OK this is an old post, but I'm going to reply anyway 'cause I was stuck on this too for way too long and I didn't find my solution anywhere so here I go:
Yeah I edited lighttpd.conf and added
fastcgi.server += ( ".php" => (( "allow-x-send-file" => "enable" )) )
and used
Header("X-LIGHTTPD-send-file: /path/filename");
in the PHP test page. But it didn't work. It took me a while to figure out I also had a PHP definition in
etc/lighttpd/conf-enabled/15-fastcgi-php.conf
After I added the option in there it worked :)