I have an internal server running PHP and an internal file directory with some work instructions pdfs for our technicians to read from. I'm trying to add a link to those pdf files so the technicians can click on the link and open the pdf in the browser.
So I have echo "' . "Work Instruction Link"
and I get Security Error: Content at http://LocalServer:50563/workInstructions.php may not load or link to file:///path/to/workInstruction.pdf
I understand the security risk of not being able to access the local files of a user from a web page, but I don't understand why I can paste the same file url into the address bar and the file will display on the web page. How are those two mechanisms different?
Is there a way to make that link work while serving it from my PHP server, or am I just going about the problem completely wrong? Is there something wrong with my formatting or syntax that I'm not catching?
I noticed that the error response does not contain the server in the file name. I don't exactly know what that means, or why that is the case.
My question is not answered by this post: html-File URL "Not allowed to load local resource in the internet browser because 1. it is asking within classic ASP which is a very different technology from PHP and 2. While it does have the same error message it does not explain how to have a link to files hosted on the same server as the webserver.
I have also tried the answer to this question: Point a link to a certain server
but it did not work for me when i try to convert "FILE://fileserver/path/to/workInstruction.pdf" to "Http://fileserver/path/to/workInstruction.pdf" I'm guessing because it's a file server and not a webserver that the pdf is located on.
To further pinpoint my question, is there a way in PHP to serve a link to a file hosted on a local server that the user can click and open a PDF in the browser?
For anyone else coming to this looking for an answer I have found this answer worked for me:
PHP-Display PDF on browser
Essentially I take the file path of the PDF I'm trying to load that I get from my fileserver and redirect to a new php file that reads the file and displays it in a new tab
The php file that contains the link will have something like this:
echo ''.$wi_num.'';
My workInstruction.php looks like this:
<?php
$filename= $_GET['filename'];
$filePath= $_GET['filepath'];
header('Content-type:application/pdf');
header('Content-disposition: inline; filename="'.$filename.'"');
header('content-Transfer-Encoding:binary');
header('Accept-Ranges:bytes');
#readfile($filePath);
?>
I'm using the PHP Azure library to create a SAS token for delivering files (File Storage, not blob, and not public) to an authenticated user of a site after they click a link. The link leads to a PHP page where I create the SAS and then issue a Location: header to invoke the downloads. There are no known issues with anything leading up to the final completion of the download.
In the attached image the steps 1-4 are repeated.. one for each file selected.
The issue is that as the URLs are external to the site (CDN) the Location: $url + sas is used. This alters the browser location but is not reflected in the browser... the headers push the file as an attachment.
As mentioned, he user can continue to click other download links on the originating page and they work fine (this is desirable) however the first time they select any link on that same page to go elsewhere on the originating page/site (shown as clicking "home" in the example, the browser true location is revealed (accountname.file.core.windows.net/etc ) and the user gets a Resource not found error originating from the Azure File Storage server. (shown under the chart)
7.10.2017 added this image to illustrate the process used:
Link to SAS process chart
I'm slightly at a loss on how to push a URL download from a CDN without the browser location getting "reset" in this manner. I've done this from local servers/files many times but the Location: $url/SAS aspect is a different dynamic. In my mind, this should behave no differently than pointing the browser to a publicly accessible URL with an EXE that pushes the download, and still allows the user to say on the originating site. I'm starting to think this should be a redirect instead of Location but I haven't found very many Azure/SAS/File Storage examples to back this up. I have to be missing something simple here but it's escaping me.
I am not sure if I get it correctly, you seem to wanna download the file from Azure storage without changing address in the browser by using PHP script.
Basically, you can use file_get_contents() function as below to achieve this.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename=$filename");
$response = file_get_contents($SASUri);
echo $response;
I have a video file and I have commanded the server through htaccess to redirect when requesting the file url. However, I wonder if someone remote can use php functions such as file_get_contents to access the video file since I have only one server and I am not sure whether remote servers can access to it. In my own server I can access to it. Yet I don't want others to access the video file unless authenticated by php.
If you really do not want people to get that video why have it in public web folder? Just put it somewhere else and problem solved. What is the use case of this?
That said, if your redirect is working correctly, the file will not be served. file_get_contents() is still requesting the file from your webserver so it can't just magically ignore the redirect.
If you want to be able to download that file but prevent everyone else from doing it, put the file out of your www root and have a php script to retreive it. You can set up basic http authentication to prevent anyone accessing the php script.
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: Binary")
header("Content-disposition: attachment; filename=\"myvideo.avi\"");
echo file_get_contents("/directory/out/of/www/that/is/readable/by/www-data");
A url is the direct link towards a resource as per my knowledge. I have experience with Apache and PHP, and I know that using .htaccess file, one may set a default file (like index.php) for a location where no need to provide end file name.
But for file links, one need to provide a direct link, having filename and extension like somedomain.com/file.txt. But recently I found some links, especially download links, that dont have a url with filename and extension.
For example, i tried to grab direct .mp4 file url for this youtube video www.youtube.com/watch?v=W1- L58y2uf4 , of resolution 1080p HD. Then I got a url (using clipconverter.cc) like;
http://r9---sn-25g7sne7.c.youtube.com /videoplayback?source=youtube& ip=2001:41d0:8:1f2b:3a0e:6049:6b4f:92 e9&expire=1378905654& sparams=cp,id,ip,ipbits,itag,ratebypass,sou rce,upn,expire&ipbits=48& upn=BgsjQ8lS424& cp=U0hWTVlLU19KTkNONl9RRVdHOkZIZ0 diYTFXLWRJ&key=yt1& id=5b5f8be7ccb6b9fe&mt=1378881529& ratebypass=yes&itag=37&sver=3& mv=m&fexp=903309,919391,910207,91 4071,916612,924606,929117,929121,92 9906,929907,929922,929127,929129,92 9131,929930,936403,925726,936310,92 5720,925722,925718,925714,929917,90 6945,929933,920302,906842,913428,92 0605,919811,913563,919373,930803,90 8536,938701,931924,936308,909549,90 0816,912711,904494,904497,939903,90 0375,900382,934507,907231,936312,90 6001&ms=au& signature=1DDD3BB4A46816E27075ADF1 3C84B810AD1DF72D.C9B4290CE7F0806A 3174E65DE3920F3AFDB06833& title=Kilimanjaro+-+ROBOT+%282010%29 +%2AHD%2A+1080p+%2ABluRay%2A+ Music+Video
The browser downloads the file perfectly. How this works? Where is the filename and extension in this link?
Please repeat:
URLs !== files
URLs !== files
URLs !== files
When requesting a URL, your browser/HTTP client/whatever is sending an HTTP request to a web server, requesting the URL. The web server is free to respond to this request in any way it pleases. URLs have nothing at all to do with files on a hard disk. It's just a convenient default configuration that web servers look for files of the same name as the requested URL and serve those. But it could do anything else it wanted as well. It can start up a shell script which gets the requested URL passed as an argument, which in turn can output anything it wanted. The web server may be a Java application which processes the requested URL internally and responds with some content. The server could be anything and everything at all and it can respond by doing anything it wants to. A web server is just an application that listens on port 80 (or elsewhere) and answers incoming HTTP requests. The file system doesn't have to be involved at all.
You're probably calling a script which depending on your parameters finds the file you want and before sending it, it modifies the headers to make your browser treat the file as a video file (and download it) and not as a regular html document
header('Content-Description: File Transfer');
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Type: application/zip");
header("Content-Transfer-Encoding: binary");
hy guys,
i really need your help. i've succesfully connected to ftp server via php.
i'm listing all files that are on the server. if i click a file the browser should prompt a download window to download the file.
i've absolutely no idea how to do that. which method am i going to use. ftp_get kind of confuses me. it says i have to declare a local_file as well. i just want a file on the server to download to my harddrive.
how can i do that?
regards matt
The remote file has to first be downloaded to your server before you can send it to the user. It's invisible to the user, but you don't have a choice. PHP won't let the browser talk directly to the FTP server.
Create a separate php script that calls ftp_get for a specific file, stores it temporarily to your server to allow the user to download it.
Something like:
<?php
//assume the page was called like download.php?filename=downloaded.pdf
header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"');
$tempFile = 'temp'.rand();
ftp_get($ftp, $tempFile, $_GET['filename'], FTP_BINARY);
readfile($tempFile);
You may add code to delete the tempFile too.
If you provide a link to a file that can't be read by the browser (such as a php file, audio, video, etc.) it will ask you to download the file.
The other way is to use PHP headers on a page and print out the page, and link to that page. http://www.ryboe.com/tutorials/php-headers-force-download