I want to create file sharing platform but php has some bug about it.I just use fread to get text of any file (exe,pdf,docx,ppt and etc) then I create text file with random name and with .txt extension.So when user want to download this file ,I create random folder and inside of that folder I create file which has same text that user want to download , and then I give extension which is same as user uploaded version of file and force user to download it.
But when user download file,for example zip file and then if user wants to open , it says failed to open because not supported format.This happens when I try to do this with docx,pdfs,zips and that kind of files (not txt,html,css,c files).
Example : I force the user to download with same extension that he uploaded, for example if user uploaded zip file,I read the text with fread then save this text in the db or text file,and then if user wants to download that file, I just create file and give it zip extension, then force the user to download it,but once user upload this file then if user want to open it fails, but it should open zip file because content text of this file is exact same as user uploaded to the server
Answer should contain:
1)Why this happens?How to fix it?
2)What is the ideal solution?
3)is it safe to do this?
This happens, because windows knows the app to open file file just from the extension. If you rename the file to something.txt, then the editor always wants to open it.
There's no such thing as an ideal solution. A soltution would be to store the file with the original name (maybe at some unique part to prevent duplicates) in a non public readable directory without execution bit set. To access the file, you could create a proxy script, which returns the file and appens a should download header (and maybe the original filename).
Its as safe, as you implement it. Your current solution could be safe, the solution I posted could be safe - but without knowing the details, how you implemented it, nobody knows, if it is actually safe.
It happens because you are opening binary files like a zip file and storing it in a text file then streaming it with the zip extension again.
The ideal solution would be to use one of the 1 million open source file managers out there with proven records and big developer communities. But if for some reason you want to build your own, save the files in a safe folder outside your public folder. store the path in a database of choice together with the public path you will show your users. Upon request use the public path to map to the private path and start the download yourself.
Is as safe as you make it, but nothing is 100% safe so if you are storing sensitive data use something that is well build and documented
I've got the following situation: I have some files with hashed filename on a cdn. Now I want a php script which redirects to the files (download) and give them another name. Is there a way without using readfile? The problem with readfile is that it doesn't make sense to download the file from cdn to my webserver and then download the file from the webserver to local computer.
i am using read file function to allow users to download files through a php page and i am blocked direct access to files with htaccess.but the problem is the files can't be downloaded with download managers like IDM and it says:"This site doesn't allow you to request twice for file ".
i am looking for a way to output the file to user and also let him use download managers!
I would be grateful for help concerning this issue:
User clicks on a link:
the link itself has the parameter that tells which file needs to be unzipped to /unzip folder. After a file is unzipped, I would like to open the file.
How can I do this? I have the unzip part coded already.
I can suggest a following solution:
You create a folder on the server where you will unzip the files to.
You create an .htaccess file there which specifies your own php script as 404 Error handler
In your php script you parse URL and identify which file to unzip, unzip it and redirect user to the newly created file
If you need to clean the unizpped files, you can create a cronjob which will remove files older than a certain time
What you get from that is:
File transfer from server to user is handled by web server
You actually cache your work as 404 handler won't run if you have the file in place
You can significantly lower the server load as this approach reduces the amount of operations performed on server side (when file exists)
The description above assumes Apache as a web server
For image upload we use FILE html controller.
How this html controller able to browse in the local system?
After selecting a file , it will be copied and moved to server location.
If the php is ale to copy the local file and move to server , will it be able to do any other manipulations of that file ? like delete!
What is happening actually on file upload?
The HTML control is provided by the browser. The browser is a local application and has access to the user's file system. The file's contents are sent to the receiving script by the browser using standard methods.
PHP has no access to the user's file system at any point, just the copy provided by the browser. Deleting or even reading files on the user's file system is not possible.
Actually php is not accessing local system. After you choose a file and click upload at upload form. The whole file(not location) is sent via POST request. And php just recieves that POST request with the whole file, and stores at server.