I am currently storing docx files and pdf files in a user upload folder outside the doc root. I intend for these files to be downloaded via a db link to the heavily scrambled file name.
Previously I have only obtained data from files outside the root with PHP - is it possible to retrieve whole files from this area and if so how does one go about it.
<?php
$file_id = $_GET['id'];
$local_path = get_real_filelocation_from_id($file_id);
readfile($local_path);
The code for get_real_filelocation_from_id() is left as an exercise for the OP.
<?php
$get_file=$_GET['file_name'];
$file = '/path/to/uploads/'.$get_file;
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
?>
After many hours of searching I found this that seems to work. Unfortunately, although the symbolic link root seemed to be a good path to follow I am unsure of how to actually implement it - firebug goes into quirks mode when I try even the most basic script.
Related
I have a form which the user fills out with their details & serial number, the software installer is then downloaded, named as their input. e.g. serial.exe
Once the form is submitted I check the file exists and then attempt the file download:
$directory = get_template_directory();
$file = $directory . '/filename.exe';
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$Serial.'.exe"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
This causes the loading to freeze, nothing below this code is loaded but i can't see any errors & no file is generated.
If i change the file to a .png the code works.
I've also copied the same code to a php page outside of wordpress, the same code runs & downloads the file as desired.
Is it possible that Wordpress is somehow blocking the readfile() request because its an .exe?
EDIT:
It appears to be a problem with the size of the file, rather than the type of file.
A small .exe file has worked & is downloaded correctly.
I have a simple problem. I am trying to make header download (Save as dialog window) to download file from server. My code:
public function downloadBill()
{
$id = Input::get('post_id');
$db = DB::connection('smsservice');
$file_ = $db->table('bills')->where('id', $id)->pluck('blob');
$filename = 'download.txt';
File::put($filename, base64_decode($file_));
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($filename));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($filename));
}
Save as dialog starts, and I can download file download.txt, but the file is emtpy 0 kb, which draws me to the conclusion that location of download is not equal to the location of the of saved "download.txt". I tried putting file to diferent locations, even on the D:\ disk as well, but I didn't manage to make it work. Can someone help me, please?
Laravel has a built-in method for returning a download response. response()->download($filePath);. This will handle everything needed for the file to be downloaded, automatically http://laravel.com/docs/5.1/responses#file-downloads
I'd also be inclined to use the storage_path() function to save the file into an explicitly known, suitable directory rather than letting PHP save it where it likes.
$filename = storage_path(sprintf('/downloads/%s.txt', $id));
Problem:
After download, the file doesn't contain the data.
i.e it become blank.
So please help me for this.
<?php
session_start();
include_once 'oesdb.php';
$id=$_REQUEST['id'];
if(isset($_REQUEST['id']))
{
$sql=executeQuery("SELECT * FROM file where id=$id");
$rows = mysql_fetch_array($sql);
$file =$rows['file'];
header('Content-Description: File Transfer');
header('Content-Type: application/vnd.ms-excel');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile('uploads/'.$file);
exit;
}
?>
Why not create a HTACCESS file in uploads folder then states
Allow From 127.0.0.1
Deny From All
Then just create a URL, use HTML5's new download feature, do something like this:
click to download
It saves time trying to use PHP to make a download script.
try replacing this:
$file =$rows['file'];
by this:
$file = "uploads/".$rows['file'];
and this:
readfile('uploads/'.$file);
by this
readfile($file);
if still not working put the value returned by the readfile function
IMPORTANT
Please take in consideration the sql injection issues (see comment of Ondřej Mirtes)
The problem is here:
header('Content-Length: ' . filesize($file));
Content-Length receives zero value and browser downloads zero-length file, as you told him. If $file is path relative to upload/, you should do this:
header('Content-Length: ' . filesize('upload/'.$file));
Be sure that filezise() returns correct size and readfile() realy outputs it.
But the other problem is that you mentioned UPLOAD folder and using uploads. They are not same and case is important. Also, may be using relative paths in 'uploads/'.$file is not a good idea, it is better to use absolute path. For example, '/var/www/upload/'.$file.
I have a script that downloads a large file (1.3gb) using readfile().
If I create a .php page with just the script on it it works fine, but if I place the same script in a Snippet and place it on a page nothing happens.
Is ModX blocking the download some how? Any advice would be great thanks!
EDIT code:
$file = $_SERVER['DOCUMENT_ROOT']."/movie.mov";
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
};
Modx does have a maximum file size setting [Maximum upload size upload_maxsize] but that is for the file manager. I doubt that is your problem.
let's see the script and error logs.
UPDATE
just tested your little snippet out [with a couple of minor changes] ~ it works fine.
$base_path = $modx->config['base_path'];
$movie = 'frankenweenie-mrwhiskers_r640s.mov';
$file = $base_path.$movie;
if (file_exists($file)) {
echo 'file exists '.filesize($file);
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
return true;
}else{
echo 'file does not exist';
return false;
}
using the $modx->config['base_path'] is not your problem, it worked using the server vars as well, it's just a good habit. as are the returning true/false modx expects it's snippets to return something whether true, false or $output ... also, not your problem it worked without.
Start looking at your php settings, I think possibly memory limit could be the problem. Check the php docs & see if it needs to have enough memory available to read a file that size. [even though it indicates 'size doesn't matter']
enable error logging in the script itself & check the server error logs.
It works with small files? Then look here: PHP readfile() and large downloads
Good luck!
This one should be easy, I think. I have a paginated image gallery, and under each image is a small link that says "Download Comp". This should allow people to quickly download the .jpg file (with a PHP generated watermark) to their computer.
Now, I know I can just link straight to the .jpg file, but that requires the user to have the image open in a new window, right click, Save As..., etc. Instead, I want the "Download Comp" link to initiate the download of the file immediately.
PHP.net seemed to suggest using readfile(), so each "Download Comp" link is being echoed as "?download=true&g={$gallery}&i={$image}".
Then at the top of the page I catch to see if the $_GET['download'] var isset, and if so, I run the following code:
if(isset($_GET['download'])) {
$gallery = $_GET['g'];
$image = $_GET['i'];
$file = "../watermark.php?src={$gallery}/images/{$image}";
header('Content-Description: File Transfer');
header('Content-Type: application/jpeg');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: public');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
}
The link takes a lonnnnnnnnng time, and then it brings up a dialog prompt asking you to Open or Save the file, but once you Save and try to open it, it says the file is corrupt and can't be opened.
Any ideas?
Don't set $file to a relative url. The readfile function will try to access the php file on the server. That is not what you want. In your case it looks like the watermark.php file will send the contents you want, so you could possibly just set up the environment it needs and include it.
<?php
if(isset($_GET['download'])) {
$gallery = $_GET['g'];
$image = $_GET['i'];
$_GET['src'] = "{$gallery}/images/{$image}";
header('Content-Description: File Transfer');
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename='.basename($image));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: public');
header('Pragma: public');
ob_clean();
include('../watermark.php');
exit;
}
Another (simpler) way is to modify watermark.php. Add a query parameter to make it send the proper headers to force a download and link to that
...
watermark.php:
<?php
if (isset($_GET['download']) && $_GET['download'] == 'true') {
header('Content-Description: File Transfer');
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename='.basename($src));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: public');
header('Pragma: public');
}
// continue with the rest of the file as-is
Also, you don't need the call to flush(). There should not be any output to send at that point, so it is not necessary.
header('Content-Type: image/jpeg');
Perhaps?
I think you might need to follow the call to readfile() with a call to exit() to make sure nothing else gets written to the output buffer.
This seems like a security issue.
What if someone enters:
$g = '../../../../../../';
$i = '../../sensitive file at root';
How about making .htaccess (if you are using apache) i for the gallery directory serve jpegs up as a download rather than normal.
Also, try file_get_contents() instead of readfile(). I find it works under more circumstances. I would also recommend you use ob_flush() after you output the image data. I've never needed to use ob_clean() or flush() to get this kind of thing to work.
And as Eric said, you may also want to put a call to exit() in there as well for good measure if it still isn't working just in case you are getting some junk data stuck at the end.