i start my downloads with a php script, it's very simple and looks like this:
$dir = 'downloads/';
$type = 'application/x-rar-compressed, application/octet-stream, application/zip';
function makeDownload($file, $dir, $type)
{
header("Content-Type: $type");
header("Content-Disposition: attachment; filename=\"$file\"");
readfile($dir.$file);
}
if(!empty($_GET['file']) && !preg_match('=/=', $_GET['file'])) {
if(file_exists ($dir.$_GET['file'])) {
makeDownload($_GET['file'], $dir, $type);
}
}
It works fine on win7 + ff/opera/chrome/safari, but on MAC it tries to download file.rar.html or file.zip.html instead of file.rar/file.zip.
Any ideas why?
Thanks in advance
"application/x-rar-compressed, application/octet-stream, application/zip" is not a valid file type. You need to add logic in your script to detect the type of file, then offer a specific file type. Example (untested):
<?php
$dir = 'downloads/';
function makeDownload($file, $dir)
{
switch(strtolower(end(explode(".", $file)))) {
case "zip": $type = "application/zip"; break;
case "rar": $type = "application/x-rar-compressed"; break;
default: $type = "application/octet-stream";
}
header("Content-Type: $type");
header("Content-Disposition: attachment; filename=\"$file\"");
readfile($dir.$file);
exit; // you should exit here to prevent the file from becoming corrupted if anything else gets echo'd after this function was called.
}
if(!empty($_GET['file']) && !preg_match('=/=', $_GET['file'])) {
if(file_exists ($dir.$_GET['file'])) {
makeDownload($_GET['file'], $dir);
}
}
?>
Related
I would like to download files from a repository, I have the code below, the file is found, but nothing happens...
I have no error.
I used test values for the moment, but I will use GET later.
The target is to donwload the file directly :
$dossier = "../private/cartes_identites/test/";
$filename = "test.png";
$file = $dossier.$filename;
//First, see if the file exists
if (!is_file($file)) { die("<b>404 File not found!</b>"); }
else echo "file exists";
$ext = strrchr( $filename, "." );
switch( $ext ) {
case ".zip": $type = "application/zip"; break;
case ".txt": $type = "text/plain"; break;
case ".pdf": $type = "application/pdf"; break;
case('gif') : $type = "image/gif";break;
case('pnggif') : $type = "image/png";break;
case('jpg') : $type = "image/jpeg";break;
default: $type = "application/octet-stream"; break;
}
echo $ext;
// Constitution de l'header suivant le type
header("Content-Description: File Transfer");
header("Content-Type: $type\n");
header("Content-Transfer-Encoding: binary");
header("Content-disposition: attachment; filename=$filename");
header("Content-Length: ".filesize( $dossier.$filename ) );
// Lecture et Affichage
file_get_contents( $dossier.$filename );
?>
Currently you're just reading the file's content through file_get_contents, but you're never delivering the content to the client.
Either echo the file's content to the user like this
// ...
header("Content-Length: ".filesize( $dossier.$filename ) );
// Lecture et Affichage
echo file_get_contents( $dossier.$filename );
?>
or you can also use the readfile function instead of the file_get_contents like this:
// ...
header("Content-Length: ".filesize( $dossier.$filename ) );
// Lecture et Affichage
readfile( $dossier.$filename );
?>
Also, you should get rid of the echo $ext; and only echo the file content, otherwise it might look like the file's corrupt.
<?php
if(isset($_POST['sportname'])){
include("connect.php");
$name = $_POST['sportname'];
$sql = "Select docs From tbl_sport WHERE sprt_name= '".$name."'";
$result = mysql_query($sql);
$row=mysql_fetch_object($result);
$file = $row->docs;
ini_set("allow-url-fopen", true);
// Fetch the file info.
$filePath = 'http://prisaa-region11.com/Docs/'.$file;
if(file_exists($filePath)) {
$fileName = basename($filePath);
$fileSize = filesize($filePath);
// Output headers.
header("Cache-Control: private");
header("Content-Type: application/stream");
header("Content-Length: ".$fileSize);
header("Content-Disposition: attachment; filename=".$fileDisplayName);
// Output file.
readfile ($filePath);
exit();
}
else {
die('The provided file path is not valid.');
}
}
?>
i dont know whats wrong with the path
You might want to try Filter Validator
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
die('Not a valid URL');
}
Check this similar thread
Best way to check if a URL is valid
For a small side project, I had to create a call that gets the PDF via WHMCS. I see the API can get the variables, such as quantity, invoice items etc, but I want the same PDF that the system would send if a client had placed an order. I have a PHP app.
UPDATE
Following the awesome advice below, I was able to solve this in one line:
$pdf->Output('invoice.'.$invoicenum.'.pdf', 'F');
Now every time the invoice is viewed, or emailed, the latest version (paid or unpaid) is stored at the location I chose.
There is an article Store Pdf Invoice on ftp with this information:
1-Change in this code
INVOICESDIRECTORY - directory where I'm keeping PDF invoices
ADMINDIRECTORY - administration directory
2- Paste it in last line of invoicepdf.tpl file in Your template.
if ($status=="Paid") {
if(strpos($_SERVER['PHP_SELF'],"ADMINDIRECTORY") === false) {
if((strpos($_SERVER['PHP_SELF'],"dl.php") !== false) || (strpos($_SERVER['PHP_SELF'],"dl.html") !== false)) {
if(!file_exists("./INVOICESDIRECTORY/".str_replace("/", "-", $invoicenum).".pdf")) {
$pdf->Output("./INVOICESDIRECTORY/".str_replace("/", "-", $invoicenum).".pdf", "F");
}
$fullPath = "./INVOICESDIRECTORY/".str_replace("/", "-", $invoicenum).".pdf";
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".str_replace("-", "/", $path_parts["basename"])."\""); // use 'attachment' to force a download
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".str_replace("-", "/", $path_parts["basename"])."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
}
}
else {
if(!file_exists("./../INVOICESDIRECTORY/".str_replace("/", "-", $invoicenum).".pdf")) {
$pdf->Output("./../INVOICESDIRECTORY/".str_replace("/", "-", $invoicenum).".pdf", "F");
}
}
}
A better solution can be found here. This involves creating an API call that base64 encodes the result to you. Much more sophisticated.
I have this download script which works perfectly, but one the file is downloaded, I want the page to reload. But once the file is downloaded, the page just dies? It is supposed to be a secure download script so users can't see the paths of files. It's called by using a POST submission
<?php
session_start();
//Assign variables from session
$userid = $_SESSION["id"];
$email = $_SESSION['email'];
$password = $_SESSION['password'];
//Require database connection and functions
require('includes/config.php');
include('includes/functions.php');
//Check if user is logged in
if (!$userid || !$email || !$password)
{
header("Location: index.php");
}
// Usage: Download
// Path to downloadable files (will not be revealed to users so they will never know your file's real address)
$hiddenPath = "uploaded_notes/";
// VARIABLES
if (!empty($_POST['file'])){
$file_id = $_POST['file'];
$result = mysql_query("SELECT * FROM files WHERE id='$file_id'");
$row = mysql_fetch_array($result);
$file = $row['location'];
$price = $row['price'];
$result2 = mysql_query("SELECT coins FROM users WHERE id='$userid'");
$row2 = mysql_fetch_array($result2);
$coins = $row2['coins'];
$new_coins = $coins-$price;
if ($new_coins >= 0)
{
mysql_query("UPDATE users SET coins = $new_coins WHERE id='$id'");
}
else {
header("Location: dashboard.php");
die();
}
//Insert into purchases
$datetime = date("Y-m-d H:i:s");#
mysql_query("INSERT INTO purchases (userid, fileid, datetime) VALUES ('$userid', '$file_id', '$datetime')");
$file = str_replace('%20', ' ', $file);
$category = (!empty($_GET['category'])) ? $_GET['category'] . '/' : '';
} else {
header('Location: dashboard.php');
die('Hacking attempt reported.');
}
$file_real = $hiddenPath . $category . $file;
$ip = $_SERVER['REMOTE_ADDR'];
// If requested file exists
if (file_exists($file_real)){
// Get extension of requested file
$extension = strtolower(substr(strrchr($file, "."), 1));
// Determine correct MIME type
switch($extension){
case "asf": $type = "video/x-ms-asf"; break;
case "avi": $type = "video/x-msvideo"; break;
case "exe": $type = "application/octet-stream"; break;
case "mov": $type = "video/quicktime"; break;
case "mp3": $type = "audio/mpeg"; break;
case "mpg": $type = "video/mpeg"; break;
case "mpeg": $type = "video/mpeg"; break;
case "rar": $type = "encoding/x-compress"; break;
case "txt": $type = "text/plain"; break;
case "wav": $type = "audio/wav"; break;
case "wma": $type = "audio/x-ms-wma"; break;
case "wmv": $type = "video/x-ms-wmv"; break;
case "zip": $type = "application/x-zip-compressed"; break;
case "jpg": $type = "image/jpeg"; break;
default: $type = "application/force-download"; break;
}
// Fix IE bug [0]
$header_file = (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? preg_replace('/\./', '%2e', $file, substr_count($file, '.') - 1) : $file;
// Prepare headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public", false);
header("Content-Description: File Transfer");
header("Content-Type: " . $type);
header("Accept-Ranges: bytes");
header("Content-Disposition: attachment; filename=\"" . $header_file . "\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($file_real));
// Send file for download
if ($stream = fopen($file_real, 'rb')){
while(!feof($stream) && connection_status() == 0){
//reset time limit for big files
print(fread($stream,1024*8));
flush();
}
fclose($stream);
}
}else{
// Requested file does not exist (File not found)
echo("Requested file does not exist");
die();
}
?>
The refresh code works if I put it right before
print(fread($stream,1024*8));
But after that it does not work...
Downloading a file is a one time thing. You won't be able to redirect after the file is downloaded. You can try adding a refresh header before pumping out your contents, but some browsers will see that as a cancellation.
See this post for more information: https://stackoverflow.com/questions/5960895/redirect-after-download-not-working-php
You can read this post, this post, and this post for more information.
Basically, what they all boil down to is the HTTP headers. A redirect header cannot be sent after you have echoed content. On the other hand, a redirect header before echoing content will just cancel the download.
A different way you could do this would be to have a hidden iframe, and submit your request there, but I am guessing that isn't what you are wanting.
I am using wordpress for my website and there are some wallpapers in my folder which i provide for download . But i dont want users to know the exact file location of folder . As there is a subscription for the download.
suppose my file is stored in
http://www.example.com/wp-content/example.folder/awesome.png
Now how to hide the folder name example.folder and use any fake name, That dosent shows up while downloading . Really need a big help on this. can anyone suggest me a good method. I tried some wordpress plugins , but no help on this.
Example With PDF doc
$nameOld = "/public_html/wp-content/example.folder/oldnme.pdf";
$nameNew = "newName.pdf" ;
header("Content-Transfer-Encoding: binary");
header('Content-type: application/pdf');
header("Content-disposition: attachment; filename=$nameNew"); //
readfile($nameOld);
Edit
Prove of Concept for your image system using download.php?img=flower without the extension and flower show be the image name
$directory = "/public_html/wp-content/example.folder/";
$types = array("jpg","gif","png");
$ext = null;
if (! isset($_GET['img'])) {
die("Invalid URL");
}
$nameOld = filter_var($_GET['img'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_LOW);
$nameNew = uniqid(basename($nameOld));
// File the file
foreach ( $types as $type ) {
if (is_file($nameOld . "." . $type)) {
$ext = $type;
break;
}
}
if ($ext == null) {
die("Sorry Image Not Found");
}
$nameOld .= "." . $ext;
$type = image_type_to_mime_type(exif_imagetype($nameOld));
header("Content-Transfer-Encoding: binary");
header('Content-type: ' . $type);
header("Content-disposition: attachment; filename=$nameNew"); //
readfile($nameOld);