Wampserver 2.2
PHP
$path is outside the www-root.
$path = 'file:///c:/path/files'<br />
$file = 'file.txt'<br />
echo "< a href='$path/$file'> . $file . < /a>< br />";
How do I make this accessable so visitors can download $file? Nothing is happening when I click the link. This is a part of a small and simple document management system.
You mix up two concepts:
The file path on the server where a file is stored
The URL for the client where to find that file
it is one of the more important functions of a webserver to abstract apart these two locations.
If you want to server a file from outside of your www-root, you need to create a helper script inside your www-root, that does the download. If you write this in PHP, look at the fpassthru() or readfile() functions.
Outsiders can't access files on your computer just by providing the link to them! This would be a huge security issue!
See this answer here
Allow users to download files outside webroot
Related
Here is the context : I need to load heavy files in the Google Earth plugin on a website. I have a php script that build up a path to those files and send it to javascript through ajax. Then, the plugin download the file and build it on earth. This take a long time. I need to speed that up for a public event. The computer can run a web server and have these files on his hard drive.
So here is my question : Is there a way for php to check if the client is running a local server and check if it contains a specific file ? Or at least, to execute a php script from this local server ?
Something like :
if(is_file('localhost/files/heavy.kmz'))
$path = 'localhost/files/heavy.kmz';
else
$path = 'www.randomsite.com/files/heavy.kmz';
return $path
Of course, this localhost refers to the wrong server :(.
I guess that if it was possible, there would be security issues. But i ask anyway.
I'm not very used to stackoverflow habits, I hope a didn't do anything wrong.
Kororo.
Edit : I will try to clarify a bit.
I know the path of the files on localhost. I need to check if it exist or not in order to send a path or another. If i can find it, i don't have to download it from the server.
The local webserver is only needed on machine to allow php check of the file.
If the data file is on the same machine, and you can tell where your data file should be relative to the script you are using to check it's existence, just use the __DIR__ (or dirname(__FILE__) if your php is ancient) to create the path.
So for example, you have have the directory structure like this:
files/
heavy.kmz
check.php
...
Then inside the check.php the following work as expected:
if (is_file(__DIR__.'/files/heavy.kmz')) {
$path = __DIR__.'/files/heavy.kmz';
} else {
$path = 'www.randomsite.com/files/heavy.kmz';
}
so files are uploaded to a non web accessible directory on my server, but i want to provide a URL or some for of download access to these files. Below is my attempt, but it isn't working.
$destination = $_SERVER["DOCUMENT_ROOT"] . "/../Uploads/" . $random;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);
$final = $server."/".$destination."/".$name;
**$yourfile = readfile('$final');**
and i then echo our $yourfile:
<?php echo $yourfile; ?>
elsewhere.
I either get a failed to open stream, or a huge long string. Is there any solution to just download the file on request via URL?
EDIT: I want to keep the directory non web accessible.
readfile outputs the content directly, it does not return it. Alternatively read the manual page on file_get_contents.
readfile('$final'); is never going to succeed. Unless the file literally had the "$final" name. Double quotes or no quotes.
Your question has been answered a few hundred times already. There's no need for you to post your issue four times in a row.
PHP display/download directory files outside the webserver root
How to serve documents from outside the web root using PHP?
Display all images from outside web root folder using PHP
https://stackoverflow.com/search?q=php%20readfile%20from%20outside%20docroot
I have a file sort of like this, it's a user database (udb.htm):
user1:pwd1
user2:pwd2
user3:pwd3
something along the lines of that. I would like to secure this file and make it available for PHP via the file_get_contents("udb.htm"); method, but not a browser window. Thanks!
you can:
upload the file in a directory outside the public html directory, but that php has access
block the access to the file using apache .htaccess <Files> or similar
use HTTP Basic Authentication
save your data in an actual database (mysql, mssql, oracle, sqlite)
Put the file outside of the web root. For instance, in the directory that contains public_html. PHP can access it (and any other file on the system), but you can't get to it from the web.
Move the file into a folder still accesible to PHP but not web clients.
What you want to do is put the database below the web path. So for example, if your website is at www.example.com and it points to: /var/www/html
Then you can put your password file into /var/www/password/udb.htm
Then access it from your php script as file_get_contents("../../password/udb.htm")
Your script can access the file, but your web service will not.
This changes the permissions of your file before open, and remove grants when you close the file, be sure about webserver permissions over the file.
<?php
$file = 'udb.htm';
chmod($file, 0600);
$contents = file_get_contents($file);
chmod($file, 0000);
?>
I would like to try creating a PHP web file manager that could read on my machines. As I have a couple of PC and laptops, and I would like to create a central storage to store my files, documents, etc. Hence, I would like to create a web based file manager that can fulfill my need. I know there are a handful of free and opensource web file manager out there, but I would like to create my own so that I can tweak accordingly.
Hence I have some questions regarding how can I go about creating a file manager for such a purpose:
1) As I have both mac and win machines, how can my file manager be able to access the different platforms, and reading shared or portable drives as well?
2) I have done up to generating the files/folders:
// declare the folder
$directory = "./";
// prepare to read directory contents
$dir = #opendir($directory);
// loop through the items
while ($file = readdir($dir))
{
// check if it is a dir
if (is_dir($file))
{
echo "dir: $file <br />";
} else {
echo "file: $file <br />";
}
}
closedir($dir);
How do I create the links for these files etc?
Thank you very much.
There are not actual differences in the PHP file/directory functions across plattforms. readdir would do fine.
However I would recommend Horde VFS for the ambitious. http://pear.php.net/package/VFS/redirected (on PEAR, but also look for the Horde project).
It provides different backends with a unified API. It allows browsing remote files (FTP or SSH) and local stuff. It could also allow for virtual backends, like e.g. database browsing. I'm not sure if it does much, but if there are discrepancies it should also hide away differences between Mac and Win filesystems.
As for the links, simply output them as echo "<a href='view.php?fn=$fn'>$fn</a>" and take care to add some logic to the view script. In particular security precautions so it cannot read outside of the document_root.
How do I create the links for these files etc?
If the files are under the web root you can directly link to them but you can't directly link to just any file on the PC through the web. That would bring all sort of security problems.
You could instead link to a PHP script that would implement some form of access control to the file. To send a file from a PHP script set the appropriate mime-type using the header() function and send the file using the readfile() function.
There is an incredible amount of details involved in implementing a portable general purpose file manager such as how to handle Unix symbolic links or Windows drive letters. Too much to cover in a single Stackoverflow question.
I have read the following tutorial "Uploading Files To the Server Using PHP"
and have several questions related to the topics.
Q1> The tutorial mentions that
"Note that PHP must have write access
to $uploadDir or else the upload will
fail"
For me, I only allow the user to upload the file after the user has login to the website.
If we set that $uploadDir permission as 777, then everyone can have written permission to that folder. How to avoid this problems?
Also I am using WAMP as my testing bed, can I simulate the same case as a real web server?
Q2> In order to prevent Preventing direct access, the tutorial mentions:
"A better approach is to move the
upload directory away from your web
root. For example, the web root for
this site is:
/home/arman198/public_html/ to prevent
direct listing i can set the upload
directory to /home/arman198/upload/."
Now my problem is that how can I display the uploaded images on other website pages. Since, the upload is not accessible directly anymore? I need to display the uploaded image save personal headshot dynamically on other website page. Is it possible?
Thank you
It's a common problem.
All modern computers have a temporary files directory. On Linux/Unix it's /tmp, on Windows it's usually c:\temp. The OS install will have set permissions on that directory so that anyone can write files there but only privileged users can delete files that don't belong to them. This is where PHP will want to put an uploaded file; your application then has to move it elsewhere (this is the purpose of the move_uploaded_file() function). PHP under Windows may need upload_tmp_dir actually set in the php.ini file.
Once you have an uploaded file, you can shift it whereever you like, including to where the webserver can read it to serve it. The biggest problem with that it is awfully easy to put this directory inside your codebase. Don't do that. As soon as you do anything beyond editing the files inside the directory they are served from, it will be problematic. Trust me: I've dealt with a few times this in code I've inherited. It's easy to let your webserver load files from a location outside your codebase.
The other alternative is to produce a download script. That way the file need not be servable by the webserver at all. One disadvantage is that you don't get to leverage the web server's MIME translation, but then, that lets you control which types of image files are permitted.
For the second question, you can use a PHP script intead of direct access to the directory. Lets name it image.php. Lets assume that it can take a parameter id, like image.php?id=image_id. In that file you can get the id using superglobal array $_GET. Then you can search for images with that Id and just send it as response.
First one I'm not sure, but maybe play with .htaccess file.
And for the first question, try setting your permissions to 775. That should allow PHP to write the file to the directory without giving the general public write access.