I am trying to add the PHPPowerPoint to one of my tools. I add all the file that PHPPowerPoint needs and write the download link to the right page but when I try to download it, it say to me that I don't have the permit to access to the file.
I tried to change the permit manually but nothing change, also beacuse everytime PHP create a new file with the default permit.
I tried to use chmod on it but nothing change.
I tried also chgrp and chown to change the owner (that is "daemon").
It's weird because when I use it out from the tool, with only the code to create the PP file everything works also with this permit.
The tool where I want to add the PP file download was coded with codeigniter.
Here's how to write a PHPPowerPoint object to the browser and have the user download it. It doesn't ever write to the file system, so there's no need for write permissions.
$ppp = new PHPPowerPoint;
// create the powerpoint, adding slides, content, etc.
// ...
// done
// set up the writer
$pppwriter = PHPPowerPoint_IOFactory::createWriter($ppp, 'PowerPoint2007');
// tell the browser a powerpoint is coming
header('Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation; charset=binary');
// make sure it downloads as $filename
header("Content-Disposition: attachment; filename={$filename}");
// output the powerpoint file data
$pppwriter->save('php://output');
you can use the download helper
The Download Helper lets you download data to your desktop.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('download');
The following functions are available:
force_download('filename', 'data')
Generates server headers which force data to be downloaded to your desktop. Useful with file downloads. The first parameter is the name you want the downloaded file to be named, the second parameter is the file data. Example:
$data = 'Here is some text!';
$name = 'mytext.txt';
force_download($name, $data);
If you want to download an existing file from your server you'll need to read the file into a string:
$data = file_get_contents("/path/to/photo.jpg"); // Read the file's contents
$name = 'myphoto.jpg';
force_download($name, $data);
I done the functionality for downloading .pdf file as it is in core php,
Here is a sample code for it
$path = "path of your file";
$fullPath = $path.$_GET['fnm'];
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
Just change file extension pdf to ppt(wherever pdf extension occurs).
Related
I have been looking to find a good guide on how to securely download files from a website only if a user session exists.
The files in the download folder should NOT be accessible if a user session doesn't exist.
Therefore I assume the folder the files are stored in needs to be "locked" by a .htaccess file?
Alternatively stored outside the root folder? Which is the best?
If anyone could point me to a good guide/tutorial for this it would be very much appreciated. Thanks
This is what I ended up doing which worked well. In my scenario I store my files outside of the root folder.
$filename= $_GET['filename'];
// the file path and file you want to send inline
$path = $fileroot."/files/".$filename;
if(!file_exists($path)) {
die("There has been an error unfortunately");
}
// the file name of the download, change this if needed
$public_name = basename($path);
// get the file's mime type to send the correct content type header
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $path);
// header("Content-Disposition: attachment; filename=$public_name;");
//Use "attachment" instead of inline if you want direct download instead
// send the headers
header("Content-Disposition: inline; filename=$public_name;");
header("Content-Type: $mime_type");
header('Content-Length: ' . filesize($path));
readfile($path);
Here I have some code, it does as it says and downloads, however only downloads a white blank empty file, and I am trying to use this one Wordpress and must be without a plugin. The script works, but its not downloading any information onto the PDF document, its just a white blank page here is the code, looking for a solution to added Wordpress post to the document, here is the link and the code, ideally I want it to download the page in which the link is executed.
HTML Link
Download file
download.php
<?php
ignore_user_abort(true);
$path = ""; // change the path to fit your websites document structure
$dl_file = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_GET['download_file']); // simple file name validation
$fullPath = $path.$dl_file;
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf");
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a file download
break;
// add more headers for other content types here
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
break;
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
?>
DO NOT USE THE CODE ABOVE!
It not only doesn't convert anything into PDF but also allows the world to download arbitrary files readable by the webserver as plaintext. So one could download your mysql database credentials or your FTP password if set in wp-config.php.
Explanation: the code doesn't convert anything. It just takes the content of an arbitrary file and outputs it with a PDF or octet-stream content type. Take a text editor and look at the "PDF" you downloaded.
It looks like you haven't to set the line
$path = ""; // change the path to fit your websites document structure to the full path pointing to some_file.pdf.
Im trying to make a script to download images from my localhost. Just for a schoolproject.
I get the filename via the url ("$_GET['file']"). Then i run this script. Every time the file is damaged and can't be viewed. I want to download images, but when i tried a word document it also was damaged. This is my code:
<?php
//get file
$file = $_GET['file'];
//set path of file
$path = $_SERVER['DOCUMENT_ROOT']."/blackbox/mediafiles/";
$fullPath = $path.$file;
if ($fd = fopen ($fullPath, "r")) {
$path_parts = pathinfo($fullPath);
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // fore a download
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Cache-control: private"); // open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
fclose ($fd);
exit;
?>
Anybody has and idea what goes wrong?
Thanks in advance!!
Try opening the file explicitly in binary mode:
if ($fd = fopen ($fullPath, "rb")) {
As the documentation on fopen states:
Windows offers a text-mode translation flag ('t') which will
transparently translate \n to \r\n when working with the file. In
contrast, you can also use 'b' to force binary mode, which will not
translate your data. To use these flags, specify either 'b' or 't' as
the last character of the mode parameter.
The default translation mode depends on the SAPI and version of PHP
that you are using, so you are encouraged to always specify the
appropriate flag for portability reasons. You should use the 't' mode
if you are working with plain-text files and you use \n to delimit
your line endings in your script, but expect your files to be readable
with applications such as notepad. You should use the 'b' in all other
cases.
If you do not specify the 'b' flag when working with binary files, you
may experience strange problems with your data, including broken image
files and strange problems with \r\n characters.
You can use readfile instead of manually reading file and outputting.
Also, please note, that $_GET['file'] can contain '../' and open any file, which is a security risk. Use the basename function (if all files are in the same directory) or restrict access to files outside the mediafiles directory
<?php
//get file
$file = $_GET['file'];
//set path of file
$path = $_SERVER['DOCUMENT_ROOT']."/blackbox/mediafiles/";
$fullPath = $path. basename($file);
if (is_readable($fullPath) {
$path_parts = pathinfo($fullPath);
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // fore a download
header("Content-type: application/octet-stream");
header("Content-length: " . filesize($fullPath));
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
header("Cache-control: private"); // open files directly
readfile($fullPath);
}
exit;
?>
At first its not your answer. But you should really look at Security in PHP. On Your script you can access all files over the GET Parameter and DOCUMENT_ROOT.
Don't trust a user.
You should filter your variables at first or map them with a known list of files before deliver them to a user.
PHPSec
Either something is throwing an error from PHP, or you have leading whitespace before the opening tag in the file (<?php).
Do two things:
Make sure the < of <?php is the first character in the file. Make sure your script doesn't have a byte order marker in it.
Add these lines to the top of the script: error_reporting(0); ini_set('display_errors', 0);
Note that if disabling errors fixes your problem it means that there is an error which needs to be fixed, it is not a final solution to the problem!
Using readfile() is also shorter, safer and more efficient than opening a file pointer and looping it.
I want to download a doc file located at http://confluence.rogersdigitalmedia.com/exportword?pageId=1114407. How can I modify the following code to download a file from that URL??
And can someone please explain what this code does in its current state, what does it download, a file from a directory?
<?php
// place this code inside a php file and call it f.e. "download.php"
$path = $_SERVER['DOCUMENT_ROOT']."/path2file/"; // change the path to fit your websites document structure
$fullPath = $path.$_GET['download_file'];
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
// example: place this kind of link into the document where the file download is offered:
// Download here
?>
This code is supposed to download files through PHP. Usually, it's used to hide the directory containing the downloads, or to download files which were otherwise inaccessible because the files are outside the web root. Another use for such a script is to offer downloads for authorized users, you'd have to put an authentication check in the script.
If the file has a PDF extension, the download is offered as with the PDF mimetype, so browsers can open it in a PDF viewer. Other files are offered as binary files which can be saved.
Do not use this script "as-is". It contains a huge security vulnerability which allows an attacker to view arbitrary files on your system (Path traversal). Replace line:
$fullPath = $path.$_GET['download_file'];
with the following to make it a bit more secure:
$fullPath = $path . basename($_GET['download_file']);
Even better: implement whitelisting by allowing filenames within an allowed character set and rejecting other invalid filenames.
Downloading an external file is as easy as following the example of cURL:
<?php
$ch = curl_init("http://www.example.com/");
$fp = fopen("example_homepage.txt", "w");
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
fclose($fp);
?>
Since I've no clue about the URL of your download, I'll leave the original URLs and filenames from the PHP example.
This code is something you put on your own server to allow people to download files through PHP. Usually you'd add some authentication code in there so PHP can accept/reject the user before downloading.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Forcing to download a file using PHP
So i am selling something, and I want the file download to start when users go to the thanks page.
The location of the file is stored in $install, now when user visitsthanks.php, how do i start the file download automatically?
Thanks.
The majority of what you want to do is actually going to be done in Javascript.
You PHP code will serve up the thanks page, and after it is loaded, you will want to direct a hidden iFrame in your page to a page which serves up the file as a download, using the following headers:
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=yourfile.txt");
readfile($pathToFile);
<?php
// place this code inside a php file and call it f.e. "download.php"
$path = $_SERVER['DOCUMENT_ROOT']."/path2file/"; // change the path to fit your websites document structure
$fullPath = $path.$_GET['download_file'];
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
// example: place this kind of link into the document where the file download is offered:
// Download here
?>
The alternative to a javascript redirect is using a meta refresh tag in your HTML. It works even when javascript is disabled.