$f = $_GET['f'];
//f = filename i.e file.mp3
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($f));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($f));
ob_clean();
flush();
This code works if i have all the mp3 files stored in the root directory but it doesn't if I store them in a separate folder such as /files
I have tried changing the basename and adding a path to $f but no luck
Is there a way i can have this code download the files from a dir instead of root?
Well that would be because basename explicitly strips everything but the file name part of the file path. So basename("foo/bar/baz.mp3") yields "baz.mp3".
And as others have already mentioned the way you have coded your PHP script is a major security flaw, because now someone could do something like "www.example.com/index.php?f=index.php" and your script (assuming it is located at www.example.com/index.php) would serve up its own source. With a bit of creativity, any external file your script can have access to may be downloaded in that way. Not good, you really do need to restrict the files to a whitelist of allowed paths.
Related
Hi i created a sql file using php and i need to download to my custom folder but i automatically download to "download" folder
i need to download to my custom folder
$directory = '/opt/lampp/htdocs/james/makent_learn/public/backup';
$full_path = '/opt/lampp/htdocs/james/makent_learn/public/backup/mybackup_1630250271.sql';
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"".basename($full_path)."\"");
readfile($full_path);
I am working with Laravel 5.8 and i am using phpword to creat .rtf file.
When i download it the it is opening as zip file. I changed the file type rtf to docx but i got the same result.
With this bellow code i can manage to download the file as RTF instead of Zip archive.
Ok now I can manage to solve it with bellow code
############## Create RTF file ##############
$objWriter = \PhpOffice\PhpWord\IOFactory::createWriter($phpWord, 'Word2007');
$objWriter->save(public_path('Report_File/InfoSec_DFAR_Report_' . $time . '.rtf'));
############## Create RTF file ##############
############## Download RTF file ##############
header("Cache-Control: public"); // needed for internet explorer
header("Content-Type: application/rtf");
header("Content-Transfer-Encoding: Binary");
header("Content-Length:".filesize(public_path('Report_File/filename' . $time . '.rtf')));
header("Content-Disposition: attachment; filename=InfoSec_DFAR_Report_".$time. '.rtf');
readfile(public_path('Report_File/filename' . $time . '.rtf'));
die();
############## Download RTF file ##############
I'm trying to load an appcast xml file from a php file, The xml contains a file path used to display a changelog.html & gives a download path to a file. Normally, I don't want browsers to be able to access this stuff, so, the xml file, changelog & the file are all together in folder above the web root directory. The php file is inside of the webroot.
Here's my php code:
$filename = "./home/myaccountusername/folder1/folder2/appcast.xml";
if (!file_exists ($filename)) throw new Exception("File not found");
// Set the content type to xml
header('Content-Type: text/xml');
header('Content-Disposition: attachment; filename="' . basename($filename) . '"');
header('Content-Length: ' . filesize($filename));
// Tell the user-agent (Stacks) not to cache the file
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
// Flush the output buffer
ob_clean();
flush();
// Read the data and send the file
//throw new Exception("FileName: " . $filename);
readfile($filename);
exit;
It's throwing exception: File not found
How do I write the paths to look above the webroot & when passed to my final display interface, allows the changelog.html to be opened & the file to be downloaded?
Note: I've tried the beginning of the path to be /home... and home... & even ../../../folder1/ ...
Is this possible to set up in php? Can't figure it out.
Update1:
Here's a tree of server:
- public_html
- appcastsecure
- productfolder
- appcast.xml
- changelog.html
- productzipfile.zip
- company_folder
- secureappcast
- appcastfile.php (start here for pathing)
I'm using DIR in appcastfile.php which gives path to appcast.xml:
$filename = /home/userdir/public_html/company_folder/secureappcast/../../appcastsecure/productfolder/appcast.xml
My problem is appcast.xml is pushed to clients on their server, so I can't figure out how to set up pathing in appcast.xml so it will point to changelog & productzipfile on my server (all are outside of public_html)
Firstly, the one in your example is trying to access the a folder relative to the current directory...
$filename = "./home/myaccountusername/folder1/folder2/appcast.xml";
The first dot shouldn't be there anyway.
If you want to access a file that is relative to a directory, you can use __DIR__, which gives the directory of the script your currently in. This then depends on where the file your trying to access is relative to the current script. So
$filename = __DIR__."/../appcast.xml";
Is a file in the directory above the one containing this script. You will have to adjust this depending on your particular requirements.
In a LAMP Webserver PDF help files are stored outside the document root in a given path /var/myFiles/help/. The path is set to read access which was done by the admin. To read and show them on a web page I use this code
define(PDF_PATH,"/var/myFiles/help/");
$file = PDF_PATH.'help.pdf';
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="'.$name.'"');
header('Cache-Control: private, max-age=0, must-revalidate');
header('Pragma: public');
But finally I get a PDF file NOT FOUND error on the webpage.
What do I do wrong ? Any help is appreciated.
EDIT :
For better understanding I update the question. This is the given path structure
/var
/www
/html
/myFiles
/help
/help.pdf
How to access help.pdf and show it on a webpage ?
EDIT 2: I update the path in the define method to match the above example
I answer the quesion myself
The answer of Anant is correct. I forgot to add #readfile($name) after the header() declaration in the php file. See question above.
I recently switched servers. From shared w/ control panel to a VPS
On my old server this PHP worked:
header("Content-disposition: attachment; filename= 'welcome.doc'");
header('Content-type: application/msword');
readfile("/home/abcme/aboveroot/admin/welcome.doc");
The same folder structure exists in the new serve. There is a folder above home named aboveroot and a folder in that called admin and a file in that called welcome.doc
I changed the /home/abcme so that "abcme" is the correct new accountname
Now I get an error saying the file cannot be found. Is there something that needs to be enabled in my server or what else might explain this?
Based on what you said the structure would be like so:
>aboveroot
-home
-admin
-welcome.doc
So your header would say (assuming that /aboveroot is your webroot, which doesn't seem the case given the name):
header("Content-disposition: attachment; filename= 'welcome.doc'");
header('Content-type: application/msword');
readfile("/aboveroot/admin/welcome.doc");