I am creating a web application where user can use browser to execute word/excel/pdf files.
I have used scandir() to show list of files of a folder. Now when the user clicks the link, ie;name of the file(.doc, .xls, .pdf etc), the file should open with corresponding application.
The file should not open in browser. It should open normally with corresponding application.
How can I achieve this ?
I would be grateful if I could get any guidance on it.
Thank you
Related
Unable to correctly use php code to load a video mp4 file stored in home directory.
Hi, I am building a WP site that sells instruction video mp4 files. To protect the files I have placed them in a directory called videos which is in the home directory (outside of the public_html directory) to protect the files from being downloaded for free. I am trying to write php code for loading the video. However, I can't access the video in /home/username/videos.
My code:
add_action('template_redirect', 'video_redirect', 5);
function video_redirect(){
if (is_admin())
return;
if (!is_page(videoplayerpageonmysite))
return;
$filename="/home/username/videos/videofile.mp4";
echo " Your browser does not support the video tag.";
Each time I run the code I get a No video with supported format... error.
I'm only able to get it to load the video file when it is in the public_html folder (it works perfectly then), but not when it is located in /home/username/videos/
Please help!
You can't give the browser a file path on your server's hard disk and expect it to be able to load it. It will resolve it as a relative URL, ask the HTTP server for it, and then get a 404.
You need to give the browser a URL that actually loads the file.
If you want to limit who can access it (e.g. people who have paid), then you could write a PHP program that checks to see if the request is coming from someone who has paid (i.e. Authentication + Authorization), then reads the file and outputs it in the HTTP response.
You have to use a PHP script as the source URL in the video tag and specify some identifier for which video it should load e.g. src="loadvideo.php?id=1" or something. (This is because the source must be a valid URL which is actually accessible on the webserver - the browser, which don't forget runs on the user's machine not the server, cannot navigate to a path on disk. If it could, then moving your files outside the public_html folder would not provide any security!)
And then when the video tag is loaded into the page, it will make a request to that URL, which causes the PHP script to run. The script must associate the provided ID with the correct file on disk, fetch the contents of that file and echo them as the response, along with appropriate headers (e.g. mime type etc). You can probably find examples of this pattern online already.
Of course the PHP script will also need to authenticate the request to make sure the requestor is a signed-in, paid user, otherwise you still aren't protecting anything. Without this last step, anyone could just visit the PHP script's URL and provide an ID until they got a result, and download the videos just as if you'd put them in the public_html folder. As long as you implement security correctly though, only users who already paid for the videos would be able to download them.
I am facing some typical problem from one of my project.
A section in my project need a file up loader. The requirement is when an user clicks on the browse button, it will not only opens up the local directory, the already uploaded file directory need to accessed as well.
In simple file uploader only the local directory can be accessed, I cannot able to fine any way out.
If any one can help me in this issue, it will be great for me.
Thanks in advance.
Is impossible to use to use the "file open dialog" / file uploader to browse files from server.
You can create a dialog inside your browser with (html,css,php).
Is difficult to give an example, because I do not know your requirements.
However you have to use two buttons, it will be easier:
upload from your computer
upload from the server
On click "upload from the server" , opens a window IN BROWSER (HTML+CSS) , that lists your folders and files on the server.
To implement this , read here:
http://php.net/manual/en/function.scandir.php
http://php.net/manual/en/function.readdir.php
I have this in my code:
Sample PDF
So basically it will appear to be a download link to file 'sample.pdf' but the problem is, there's a restriction in downloading this file. so whenever there are confidential reports uploaded and a malicious user accidentally memorized or viewed the URL of the download link in the browser history he can easily download it even without accessing the website because it is a direct link. What am i supposed to do so this link will be protected? or be downloaded only for the user assigned to it?
Don't serve up files by their direct URLs. Have a PHP script receive the filename of the file wanted, and serve it up.
So, if someone wants to download the above files, he would go to
example.com/getfile?file=sample.pdf
Your PHP script would check if the current user has permission to view the file, and then serve it up.
Make your links like this:
Sample PDF
Your current method is very insecure for sensitive files. A malicious user could trivially write a script to download ALL files in res/pdf. All he needs to do is check every permutation of letters in the directory, and throw away all 404 errors.
You will not redirect the user since that would defeat the purpose. You will serve the file as a download with the appropriate Content-disposition header.
Here's an example: Fastest Way to Serve a File Using PHP
You can google and get many more examples.
Here's a great example that shows how to serve PDF files:
https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
You can restrict using htaccess
I have a WordPress site, in which type1 users can upload *.doc files and type2 users should be able to open them by clicking on a link which represents a file.
The file then should be opened in a new window of the browser.
I got the first part easily - there are many guides on uploading a file.
But I couldn't find one that goes through all the steps of getting and opening a file which resides on a server directory.
I assume clicking the link should cause an ajax request which will send the file key to the server.
The server can then get from the MySQL DB the file name and location.
But what do I do then?
How do I get the file from the server directory, send it back to the client and open it for reading in the browser?
Edit:
I want the files to be confidential and not let just anyone read them so giving the users the link for the file on the server isn't the right way.
I still think I need to send the file from the server directory to the client.
How can this be done?
You can add links to uploaded media in WordPress easily. Just remember to link to the actual file:
I want the files to be confidential and not let just anyone read them so giving the users the link for the file on the server isn't the right way.
Yes it is. You can't let people read the document without giving them the document.
If you want to keep it confidential, then require the users to agree not to share the link with anyone else. Or go further and add a layer of authentication + authorisation and also require that users not hand over their credentials.
Simply, redirect the browser to the location of the file. It's depend on user's browser settings that file opens on the browser directly, or user sees open/save dialog.
But, if you want to open the file inside the browser without letting user download it, you should redirect her/him to a custom page. e.g. a page that loads a doc editor.
There's no way to show a Microsoft Word file inside the browser unless they install proper software. e.g. an Applet or ActiveX or something that be able to open MSWord files.
Consider using WP Client File Share plugin.
I've been able to upload a file through PHP to a non-hosted directory (directory is not on the website) with read/write permissions for the PHP file (www). How would I download the file from this directory? I've been able to list the contents of the directory, but clicking on the files (made the filenames links) does not work as the computer attempts to download the file from the path on the server. I'm new to PHP, so all help is appreciated. Thanks!
Edit: Before I get down votes for this being a broad question, I just want to know how to access the files in the non-hosted directory and pass them to the user. I already know how to download normal files hosted on the website. Thanks!
You can use a delegating PHP file for file access. I don't know anything about your structure, but if you can write it, you can (presumably) read it back with file_get_contents:
<?php
echo file_get_contents('/the/path/to/the/unhosted/directory/file.ext');
?>