i want to implement code so that when user will download that file, name of the file should be changed
as example
$uploaddir="files/userid/";
$filename=rand(1000,9999).time().rand(1000,9999);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
suppose using this code file is uploaded it will be stored on server as name like this
23451232325654.pdf
but for user he/she will have logical name for it Like learn_php.php
when user want to download this file he/she will have this link to download
www.example.com/files/userid/23451232325654.pdf
but this file not stored on user's pc when downloaded as 23451232325654.pdf but i want to store it as their logical name as shown above
learn.php
You can do this no problem. You just need a download script that will first send the correct header. In this case, the header should be something like:
header('Content-Disposition: attachment; filename="learn_php.pdf"');
See example 1 in the php docs.
So instead of linking directly to the file (for example: http://website.com/content/129312.pdf), you would link to your download script (for example: http://website.com/download.php?file=129312.pdf).
And download would first send the headers, then the file contents.
Obligatory note about security: Using the filename directly from $_GET without sanitizing it opens up a huge security issue. If you do it this way you NEED to sanitize it.
Related
why should I use this code to get the name of the file?
$filename = pathinfo($_FILES['file']['name'], PATHINFO_FILENAME)
If I could also get the name through this code:
$filename = $_File['file']['name']
Thank you very much! I'm a beginner in PHP, so sorry if the question is too dumb :D
Because $_File['file']['name'] comes from the user end, and although ordinarily it is just the file name, an ill-intentioned user can actually set it to whatever he wants (example: full path name to overwrite files in the server) and you have to filter it just like every other user input to prevent an attack vector in your system.
Same is true for everything in $_FILE, don't trust the informed MIME type, don't save files without checking if the extension is safe (saving a .php file will be a disaster) etc.
For example, I've seen a system that would trust files of type equal to image/jpeg and other image types, and then saves it without checking the actual file extension. A forged request can inject a .php shell script to this website's upload folder and be used to take control.
I am redirecting to an image with a Location header from PHP, and in firefox when you view the image and right click to save it prompts to save with the name of the PHP redirect script, not the name of the image. This behaviour is not present in the other browsers.
Here is the code of the file:
<?php
header("Location: foo.jpg");
Is there anyway to get firefox to use the correct name when a user opens the save dialog?
jewlhuq's suggestion to bypass php altogether works.
<?php print("<script>window.location='image.jpg';</script>"); ?>
Using php to read the file's contents and dump those to the browser with the proper headers including the following
header('Content-Disposition: inline; filename="desired-filename.jpg"');
also works.
Which is better depends on your application. I used the first for the problem listed above, in another application I needed to serve an image with a different file name than the one it is actually saved with, for that I needed the latter.
I am working on a simple document management system for a site - the user can upload around 20 different file types and the docs are renamed then stored in a folder above www, an entry is created in a docs table to capture meta data entered by the user and the item is then retrieved via another php file so the stored location for the files are hidden from the user.
When a user clicks to download a file using a simple a href it calls, for example, "view.php?doc=image.jpg" - when they do this currently the file opens in the browser so a jpg opens a window with pages of "wingdings" like characters etc.
I would like to be able to force a open/save dialogue box so the user decides what to do and my app doesn't try to open in the browser window with the above results.
From a previous posting I found I know I cannot pass the mime type in the "a href" tag so what other options do I have? Could I put header information into the below view.php file, for example?
$_file = $_GET['doc'];
$filename = './dir/'.$_file;
if (file_exists($filename)) {
echo file_get_contents('./dir/'.$_file);
} else {
echo "The file $_file does not exist";
}
;
You could use get_headers() to get the MIME type header of the desired file, and then use header() to output those headers into the file you're showing.
Alternatively, to simply force downloads, this:
header('Content-Description: File Transfer');
header("Content-type: application/octet-stream");
Should do it.
I am new to PHP. I have a software downloads website. What I want is to
automatically add "-mysite.com" with every download filename. So that the actual
filename remain the same i.e "somesoftware.exe" but whenever someone download it, it should
be automatically renamed and downloaded with the filename "somesoftware-
mysitename.com.exe" to their computer. Here is the code for download link div on my site.
<!--===========================Download Div===============================-->
<div id="downlink-container">
<a href="http://www.mysitename.com/downloads/jetaudio16.0.0.435-mysitename.com.exe" id="downloadlink" style="visibility:visible">
Download Jet Audio
</a>
</div>
<!--===========================Download Div====================================-->
Can I use PHP to automatically add "-mysitename.com" with the downloaded file name
"somesoftware.exe" so that the actual filename on server folder remain the same(i.e.
somesoftware.exe) but whenever someone download it, it automatically become "somesoftware-
mysitename.com.exe". I tried using PHP variables for this but I can't get it done. Please
Help!
You set the following header:
header('Content-Disposition: attachment; filename="downloaded.pdf"');
Where downloaded.pdf is your filename. Its just a matter of getting the extention and adding "- thenoblesite.com" to the original name.
Once user starts downloading a file, it's over - you have no control over it, no PHP, no anything. So the idea is to either rename the source file (which you don't want) or to actually stream the file using a different name. See it here.
I have a script which uploads files into an online directory and stores the file details in a database. The files when stored are renamed to the id of the entry in the database. Whenever a user requests a download, a simple SQL statement retrieves the file details from the database, the contents of the file are read from the database, and the file is prompted for download. The following is my code:
$one_file = $FILE_OBJECT->get($_GET['id']); // this is an object which just grabs the file details from the database
header("Content-type: ".$one_file['type']); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$one_file["filename"]."\""); // use 'attachment' to force a download
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$one_file["filename"]."\"");
readfile(_config('files_path').$_GET['id']);// reading the actual raw file stored in my online directory
Problem is that Im testing using a word document and its uploading perfectly - I've even checked the raw file being uploaded by manually changing its extension and it's uploading perfectly. The problem is that when it's downloaded using the code above, the Word file seems corrupted or something, because when I try to open it, it's all mumbled and jumbled. What's happening? I've used this snippet on a few other sites I've worked on, and they work perfectly fine... Help please!
By default PHP's header function will replace previous headers with the same name, so your first two headers are being overwritten by the second two. Delete the second two and see if that works.
See if this helps:
Webkit and Excel file(PHPexcel)
I was having the same problem: every time I downloaded a file, it was supposedly "corrupt". Turns out I had made a stupid directory path mistake, but the php error was being written into the downloaded file. Which, of course, made it "corrupt".
Actually I solved by reading Ian Wetherbee's comment about testing with a plain text file. Thanks Ian!