I'm currently attempting to find the source path to a file which I am downloading from it. I'm not sure how to explain, but I'm going to try my best.
I send a GET request to our server, it looks like: GET /en/download.php?pod_id=2138. From here the server proceeds to reply:
Set-Cookie: PHPSESSID=neatgv4m7a1pdorjqmoo76s151; path=/
Content-disposition: attachment; filename=2015-09-06-2.wav
Connection: close
Transfer-Encoding: chunked
Content-Type: Application/octet-stream
I captured this of course using WireShark. Next comes the full WAV file, but I'll spare us that.
I'm curious whether I can get the path to 2015-09-06-2.wav so that I might be able to download the file that way. Is this possible or will the server not permit me to do this?
Download.php will provide the file for security reasons. So if secured enough its not possible to directly access the file or folder directly. The direct access might be blocked using .htaccess or it might be placed where the public can't access directly or the file(blob) might be fetched directly on request from the database on request by the download.php
If its not protected from direct access the file is somewhere in the server in some folder. You could access if you find it. but there is no way to find it without a clue. browse through you might find.
Most likely direct access would be unavailable if its provided by the php file in that way.
In short: not possible:
The Downloads folder is a browser-specific location that only the user has control of. The file will download to the folder that is specified by the user.
Use readfile along with header to force a Save As... dialog to appear.
<?php
header('Content-disposition: attachment; filename=image.jpg');
header('Content-type: image/jpeg');
readfile('/server/path/to/image.jpg');
?>
Get the path of the downloads folder in PHP?
A url is the direct link towards a resource as per my knowledge. I have experience with Apache and PHP, and I know that using .htaccess file, one may set a default file (like index.php) for a location where no need to provide end file name.
But for file links, one need to provide a direct link, having filename and extension like somedomain.com/file.txt. But recently I found some links, especially download links, that dont have a url with filename and extension.
For example, i tried to grab direct .mp4 file url for this youtube video www.youtube.com/watch?v=W1- L58y2uf4 , of resolution 1080p HD. Then I got a url (using clipconverter.cc) like;
http://r9---sn-25g7sne7.c.youtube.com /videoplayback?source=youtube& ip=2001:41d0:8:1f2b:3a0e:6049:6b4f:92 e9&expire=1378905654& sparams=cp,id,ip,ipbits,itag,ratebypass,sou rce,upn,expire&ipbits=48& upn=BgsjQ8lS424& cp=U0hWTVlLU19KTkNONl9RRVdHOkZIZ0 diYTFXLWRJ&key=yt1& id=5b5f8be7ccb6b9fe&mt=1378881529& ratebypass=yes&itag=37&sver=3& mv=m&fexp=903309,919391,910207,91 4071,916612,924606,929117,929121,92 9906,929907,929922,929127,929129,92 9131,929930,936403,925726,936310,92 5720,925722,925718,925714,929917,90 6945,929933,920302,906842,913428,92 0605,919811,913563,919373,930803,90 8536,938701,931924,936308,909549,90 0816,912711,904494,904497,939903,90 0375,900382,934507,907231,936312,90 6001&ms=au& signature=1DDD3BB4A46816E27075ADF1 3C84B810AD1DF72D.C9B4290CE7F0806A 3174E65DE3920F3AFDB06833& title=Kilimanjaro+-+ROBOT+%282010%29 +%2AHD%2A+1080p+%2ABluRay%2A+ Music+Video
The browser downloads the file perfectly. How this works? Where is the filename and extension in this link?
Please repeat:
URLs !== files
URLs !== files
URLs !== files
When requesting a URL, your browser/HTTP client/whatever is sending an HTTP request to a web server, requesting the URL. The web server is free to respond to this request in any way it pleases. URLs have nothing at all to do with files on a hard disk. It's just a convenient default configuration that web servers look for files of the same name as the requested URL and serve those. But it could do anything else it wanted as well. It can start up a shell script which gets the requested URL passed as an argument, which in turn can output anything it wanted. The web server may be a Java application which processes the requested URL internally and responds with some content. The server could be anything and everything at all and it can respond by doing anything it wants to. A web server is just an application that listens on port 80 (or elsewhere) and answers incoming HTTP requests. The file system doesn't have to be involved at all.
You're probably calling a script which depending on your parameters finds the file you want and before sending it, it modifies the headers to make your browser treat the file as a video file (and download it) and not as a regular html document
header('Content-Description: File Transfer');
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Type: application/zip");
header("Content-Transfer-Encoding: binary");
I'm trying figure out how I can protect digital downloads in PHP. Just need some general directions so I can start my research. I don't seem to be able to find anything useful.
I want to make files available for my users to download but don't want them to be able to directly access a download folder. Also, I want the download link to be available only for set period of time or a single download.
Could some one point me in the right direction?
The best way is to delegate the download managment after your check to the mod for apache
x_sendfile
https://tn123.org/mod_xsendfile/
Usage:
<?php
...
if ($user->isLoggedIn())
{
header("X-Sendfile: $path_to_somefile");
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"$somefile\"");
exit;
}
?>
<h1>Permission denied</h1>
<p>Login first!</p>
Basically when you send the header X-Sendfile the mod intercepts the file and manages the download for you (the file can be located whenever you want outside the virtualhost).
Otherwise you can just implement a simple file download.php that gets the id of the file and prints the contents with readfile after the login check
Just some examples: You can place your files outside of the webserver's document root or in a directory that is protected by a .htaccess file with a "deny from all" rule; then you deliver the files by a custom PHP function that sets the correct headers (mime-type, filesize etc.) and returns the file.
You could create links with unique id's based on MD5 or SHA1 hashes - a mod_rewrite rule points the id to your PHP file, you lookup the id in the database and do your time checks, like
example.com/downloads/73637/a8d157edafc60776d80b6141c877bc6b
is rewritten to
example.com/dl.php?id=a8d157edafc60776d80b6141c877bc6b&file=73637
Here's an example of doing something you want with nginx and PHP:
http://wiki.nginx.org/HttpSecureLinkModule
"Secure Download Links", a PHP Script can be used to hide download url or rename download file, it has option for storing below web root and for files stored above webroot that is with absolute http urls also.
i temporarily change place for static files on site. But this files must have access from old URL, i've create a script that make's redirect to the right place, but this files are downloading by third-part program.
The problem is that program ignoring redirect. I tryed to use permanent redirecting but no success.
Okay, so a redirect doesn't work.
What you can do is read the file in PHP and output it directly. You can use the function readfile() to do that.
readfile($filename);
I have asked this question today already but this time I want to know if I can achieve this via PHP since Javascript wasn't up to it.
I have a link to a file on another server. If i provide this link to my users the headers are pushed out to download that file from that server.
Is there a way for me to capture those headers and file and redirect the download to the user? I would like to do this so that I can change the filename of the download since it is
always 'file.zip'.
Is this possible with PHP?
Thank you for any help.
You can download the file to your server using curl and serve it correctly(with a Content-Disposition header). As long as you are using HTTP, there's no way to send just the header and let another server stream the content directly to the client.
You could do this, and you can do it in several ways.
1) (simple) copy the file to your server, and rename it. Point your download links to this copy.
2) (harder) Create a stub php file, called , read the file from the remote server within php, and stream the content to the script output. This will need you to set appropriate headers, etc. as well as setting up your webserver to parse through PHP.
Seriously, I'd go with option 1. (assumes you have a legal right to serve the content, etc.)
Maybe you can use a script similar to the following one:
<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://www.example.com/the_path/file.zip");
header('Content-Disposition: attachment; filename="alternate_filename.zip"');
exit();
?>