I have created a file download system with php. I created like that
phpfiledownload.php
--------------------
<?php
$file = 'testing.php';
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
} ?>
And I also created testing.php file like the following
testing.php
------------
<?php echo "Hello World"; ?>
When I run phpfiledownload.php form my localhost I got testing.php file.
But when I change testing.php to http://www.anotherdomain.com/example.php in phpfiledownload.php I can't download http://www.anotherdomain.com/example.php.
So, how I can got http://www.anotherdomain.com/example.php via my phpfiledownload.php
To download http://www.example.com/example.php you can use the code below
file_put_contents("example.php", fopen("http://www.example.com/example.php", 'r'));
Note: If example.php contains php code it will run on the webserver and return the HTML output to you. So your file be the output of example.php and not the source code.
Tip
A URL can be used as a filename with this function if the fopen
wrappers have been enabled. See fopen() for more details on how to
specify the filename. See the Supported Protocols and Wrappers for
links to information about what abilities the various wrappers have,
notes on their usage, and information on any predefined variables they
may provide.
Taken from PHP Manual, here.
Your question is not very clear: are you meaning to download the php file or the result processed by the web server?
In your code, "testing.php" is a local file, while "http://www.example.com/example.php" is an URL.
In the first case your local web server fetches the local file and return it using the appropriate headers.
In the second case you obtain only the html output produced by the web server of the site "http://www.example.com"
Related
So, I need a little help here. I have a site which hosts some mp3s. When users click on the download url, it links directly to a file called downloadmp3.php, which goes 2 parameters in the url...the php file is included below, and it's basically supposed to FORCE the user to save the mp3. (not play it in the browser or anything).
That doesnt happen. Instead, it seems like the file is WRITTEN out in ascii to the browser. It seems like it's the actual mp3 file written out.
Here is my downloadmp3.php file...please, what's wrong in this code.
It works on my local LAMP (Bitnami Wampstack on windows)....that is, on my local testing environment, it sends the file to my broswer, and I can save it. When I upload it to the real server, it basically writes out the mp3 file.
Here is the culprit file, downloadmp3.php...please help
<?php
include 'ngp.php';
$file = $_GET['songurl'];
$songid = $_GET['songid'];
increasedownloadcount($songid);
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: audio/mpeg');
header('Content-Disposition: attachment; filename=' . basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
ob_clean();
flush();
readfile($file);
exit;
}
?>
By the way, this site only hosts mp3s - no other audio or file format. So, this downloadmp3.php script should ideally ask the user where they want to save this file.
Thanks for your help in advance.
I think the filename should be in quotes:
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
Change the content-type value to text/plain. With this browser wont recognize it and wont play the file. Instead it will download the file at clients machine.
Seems there is too many headers. I am sure they do SOMETHING... but this code works.
This code works with MP3 files.... downloads to a file. Plays without a problem.
if(isset($_GET['file'])){
$file = $_GET['file'];
header('Content-type: audio/mpeg');
header('Content-Disposition: attachment; filename=".$file.'"');
readfile('path/to/your/'.$file);
exit();
}
You can access it with ajax call, or this:
<a id="dl_link" href="download.php?file=<>file-you-wish-to-download<>" target="_blank">Download this file</a>
Hopefully this is of some use
I have a file download code using php and my code at download page is follows.
if (file_exists($strDownload)) {
//get the file content
$strFile = file_get_contents($strDownload);
//set the headers to force a download
header("Content-type: application/force-download");
header("Content-Disposition: attachment; filename=\"" . str_replace(" ", "_", $arrCheck['file_name']) . "\"");
//echo the file to the user
echo $strFile;
//update the DB to say this file has been downloaded
mysql_query("xxxxxxxx");
exit;
}
Where the function file_exists() passed with valid check and my $strDownload variable will be something like /home/public_html/uploads/myfile.zip which is located in server folder. But when I trying to download the file instead of downloading, the page displays the full encrypted source of the file. How can I make it downloadable?
EDIT: for the information, myself trying to use this bit of code inside the wordpress system and my file path will be something like http://example.com/wp-content/uploads/2016/02/myfile.zip. Also in the above mentioned code myself checking the file_exists() condition for the server path which is already mentioned above and it returns 1 as desired.
Try this
if (file_exists($file))
{
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
It is solved by using the above bit of codes at beginning of php page. Ie, before declaring the famous wordpress tag get_header();
If we use the above code after get_header(); tag of wordpress, it results in the opening of page first and hence it writes the source of the file in the page instead of downloading since the meta tags are already set.
Problem:
After download, the file doesn't contain the data.
i.e it become blank.
So please help me for this.
<?php
session_start();
include_once 'oesdb.php';
$id=$_REQUEST['id'];
if(isset($_REQUEST['id']))
{
$sql=executeQuery("SELECT * FROM file where id=$id");
$rows = mysql_fetch_array($sql);
$file =$rows['file'];
header('Content-Description: File Transfer');
header('Content-Type: application/vnd.ms-excel');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile('uploads/'.$file);
exit;
}
?>
Why not create a HTACCESS file in uploads folder then states
Allow From 127.0.0.1
Deny From All
Then just create a URL, use HTML5's new download feature, do something like this:
click to download
It saves time trying to use PHP to make a download script.
try replacing this:
$file =$rows['file'];
by this:
$file = "uploads/".$rows['file'];
and this:
readfile('uploads/'.$file);
by this
readfile($file);
if still not working put the value returned by the readfile function
IMPORTANT
Please take in consideration the sql injection issues (see comment of Ondřej Mirtes)
The problem is here:
header('Content-Length: ' . filesize($file));
Content-Length receives zero value and browser downloads zero-length file, as you told him. If $file is path relative to upload/, you should do this:
header('Content-Length: ' . filesize('upload/'.$file));
Be sure that filezise() returns correct size and readfile() realy outputs it.
But the other problem is that you mentioned UPLOAD folder and using uploads. They are not same and case is important. Also, may be using relative paths in 'uploads/'.$file is not a good idea, it is better to use absolute path. For example, '/var/www/upload/'.$file.
im working on a content management system for that i have to download a php file using php code without executing. any one can help me on this
it is some thing like ftp. i have added the options to upload, edit and download a file. it is working fine. but while downloading a php file it is executed instead of downloading...
What i tried is:
<?php
$file = $_REQUEST['file_name'];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
include_once($file);
exit;
}
?>
You have to load the files content, write the content to the request and set the headers so that it's parsed as force download or octet stream.
For example:
http://server.com/download.php?name=test.php
Contents of download.php:
<?php
$filename = $_GET["name"]; //Obviously needs validation
ob_end_clean();
header("Content-Type: application/octet-stream; ");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ". filesize($filename).";");
header("Content-disposition: attachment; filename=" . $filename);
readfile($filename);
die();
?>
This code works without any modification. Although it needs validation and some security features.
The server somehow identifies file that should be executed instead of downloaded. You have to exclude the .php file you want to download from that handling. The easiest is probably to rename the file to .php.txt.
Otherwise you should be able to configure the server to not process that particular file, or the path were it is located. How you do that depends on which server you are running.
If such php file is located on the same server/website, then just open it as normal file, e.g. $fileContents = file_get_contents($filename);
If file is on another server, you have few possible options:
1) Access it via FTP (if you have login details and access)
2) Have special URL Rewrite rule on that server which will instruct web server to send file as plain text instead of executing it (e.g. somefile.php.txt)
3) Have special script on that server and by passing file name as a parameter it will return content of that file (e.g. http://example.com/showfile.php?file=somefile.php)
This is how to download a php file instead of executing it.
Trust me it works! ..download the file php with own risk :)
<?php
function downloadThatPhp($nameOfTheFile)
{
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/text/x-vCard");
header("Content-Disposition: attachment; filename=".basename($nameOfTheFile).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($nameOfTheFile));
#readfile($nameOfTheFile);
exit(0);
}
// and this how to use:
// download that php file with your own risk :)
$file = $_REQUEST['file_name'];
$downloadThis = "http://domain-name.com/".$file;
if (file_exists($file)) {
downloadThatPhp($downloadThis);
}
?>
Hope this helps you bro :)
You can read alot about it on php.net/header, but to force a download, you can use a force-download header. This comment is amazing, check it out! :-)
if someone is looking to do this in his/her .htaccess file:
Header set Content-Disposition attachment
AddType application/octet-stream .php
or
<FilesMatch "\.(?i:php)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
I want to serve an existing file to the browser in PHP.
I've seen examples about image/jpeg but that function seems to save a file to disk and you have to create a right sized image object first (or I just don't understand it :))
In asp.net I do it by reading the file in a byte array and then call context.Response.BinaryWrite(bytearray), so I'm looking for something similar in PHP.
Michel
There is fpassthru() that should do exactly what you need. See the manual entry to read about the following example:
<?php
// open the file in a binary mode
$name = './img/ok.png';
$fp = fopen($name, 'rb');
// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));
// dump the picture and stop the script
fpassthru($fp);
exit;
?>
See here for all of PHP's filesystem functions.
If it's a binary file you want to offer for download, you probably also want to send the right headers so the "Save as.." dialog pops up. See the 1st answer to this question for a good example on what headers to send.
I use this
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
I use readfile() ( http://www.php.net/readfile )...
But you have to make sure you set the right "Content-Type" with header() so the browser knows what to do with the file.
You can also force the browser to download the file instead of trying to use a plug-in to display it (like for PDFs), I always found this to look a bit "hacky", but it is explained at the above link.
This should get you started:
http://de.php.net/manual/en/function.readfile.php
Edit: If your web server supports it, using
header('X-Sendfile: ' . $filename);
where file name contains a local path like
/var/www/www.example.org/downloads/example.zip
is faster than readfile().
(usual security considerations for using header() apply)
For both my website and websites I create for clients I use a PHP script that I found a long time ago.
It can be found here: http://www.zubrag.com/scripts/download.php
I use a slightly modified version of it to allow me to obfuscate the file system structure (which it does by default) in addition to not allowing hot linking (default) and I added some additional tracking features, such as referrer, IP (default), and other such data that I might need should something come up.
Hope this helps.
Following will initiate XML file output
$fp = fopen($file_name, 'rb');
// Set the header
header("Content-Type: text/xml");
header("Content-Length: " . filesize($file_name));
header('Content-Disposition: attachment; filename="'.$file_name.'"');
fpassthru($fp);
exit;
The 'Content-Disposition: attachment' is pretty common and is used by sites like Facebook to set the right header