I've created a script that lets the user download files:
function file_size($filename)
{
exec('stat -c %s ' . escapeshellarg($filename), $return);
return (float)$return[0];
}
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($filename));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . file_size($filename));
readfile($filename);
exit;
Very simple. The file_size function lets me detect file sizes larger than 2 GB.
The problem is that Content-length never is above 2 GB:
< HTTP/1.1 200 OK
< Date: Sun, 21 Aug 2011 09:33:20 GMT
< Server: Apache
< Content-Description: File Transfer
< Content-Disposition: attachment; filename=very-large-file
< Content-Transfer-Encoding: binary
< Expires: 0
< Cache-Control: must-revalidate, post-check=0, pre-check=0
< Pragma: public
< Content-Length: 2147483647
< Content-Type: application/octet-stream
Doing a var_dump on 'Content-Length: ' . file_size($filename) returns string(26) "Content-Length: 4689218232". If I access the file directly without a PHP script, there is no problem and Apache is reporting the correct file size:
< HTTP/1.1 200 OK
< Date: Sun, 21 Aug 2011 09:58:33 GMT
< Server: Apache
< Last-Modified: Thu, 06 Jan 2011 21:56:47 GMT
< ETag: "8ba8f5e0-1177fcab8-49934940b30e5"
< Accept-Ranges: bytes
< Content-Length: 4689218232
But I'd really like to serve the file through my PHP script. Thank you for your time.
Sending huge files with readfile is not good practice.
Use X-Sendfile, like this: header("X-Sendfile: $filename");. You'll need apache mod_sendfile. This should also solve your file-size problem.
Related
On my site I have a <a download></a> link and also a php function that downloads files on my desktop just fine -
ob_start();
$nameOld = 'https://my-other-server.online/path/to/file.mp4';
$save = '/var/path/to/file.mp4';
$nameNew = "download.mp4";
file_put_contents($save, fopen($nameOld, 'r'));
set_time_limit(0);
header('Connection: Keep-Alive');
header('Content-Description: File Transfer');
header('Content-Type: application/force-download');
header("Content-Disposition: attachment; filename=$nameNew");
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($save));
while (ob_get_level()) {
ob_end_clean();
}
readfile($save);
exit;
unlink($save);
On mobile devices (iphone) this doesnt work on chrome browser. (Im already aware about safari ios downloads, even though I've seen some downloads prompt the user to open another app to continue.)
So I've tried using the <a></a> download link, but when clicking on it, it simply opens the video in a new tab and plays it.
If I try with a php script, it opens the video in a new tab and shows a crossed out play button (video is not even playable). I've been searching for an answer for days, I've edited .htaccess files and testing different scripts, content-types, headers, etc.
This is how the current script looks like for mobile specific -
... first few lines same as above script ...
file_put_contents($save, fopen($nameOld, 'r'));
//echo file_get_contents($save);
//$headers = get_headers($nameOld, 1);
//$filesize = $headers['Content-Length'];
//set_time_limit(0);
ob_clean();
//if(ini_get('zlib.output_compression'))
// ini_set('zlib.output_compression', 'Off');
//$fp = #fopen($save, 'rb');
//header('Connection: Keep-Alive');
//header('Content-Description: File Transfer');
//header('Content-Type: application/force-download');
//header('Content-Type: application/octet-stream');
header('Content-Type: video/mp4');
//header("Content-Disposition: attachment; filename=$nameNew");
header("Content-disposition: attachment; filename=\"" . basename($save) . "\"");
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
//header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($save));
//ob_end_clean();
while (ob_get_level()) {
ob_end_clean();
}
//fpassthru($fp);
// fclose($fp);
readfile($save);
//exit;
unlink($save);
die();
I also tried testing printing on mobile the headers of one of the files -
print_r(get_headers($url));
print_r(get_headers($url, 1));
The output today is as follows, but yesterday the content-type said application/octet-stream ---
Array ( [0] => HTTP/1.1 200 OK [1] => Date: Wed, 27 Feb 2019 14:51:56 GMT [2] => Server: Apache/2.4.29 (Ubuntu) [3] => Last-Modified: Tue, 26 Feb 2019 14:16:19 GMT [4] => ETag: "3e7e3a-582ccb37e75a7" [5] => Accept-Ranges: bytes [6] => Content-Length: 4095546 [7] => Connection: close [8] => Content-Type: video/mp4 ) Array ( [0] => HTTP/1.1 200 OK [Date] => Wed, 27 Feb 2019 14:51:56 GMT [Server] => Apache/2.4.29 (Ubuntu) [Last-Modified] => Tue, 26 Feb 2019 14:16:19 GMT [ETag] => "3e7e3a-582ccb37e75a7" [Accept-Ranges] => bytes [Content-Length] => 4095546 [Connection] => close [Content-Type] => video/mp4 )
I've also checked my php info settings and didnt see anything that could be causing an issue, but then again Im not too sure what to look for.
I know its possible to download files on chrome mobile because other sites work for me, just not my own.
What am I doing wrong?
Add this as a header : 'X-Content-Type-Options: nosniff';
it is made to prevent browsers from interpreting themself the received content.
In association wth Content-disposition: attachment; ... the browser should offer to download it.
Are you sure you are using the format:
<a href="myvideo.mp4" download>Download</a>
And as miken32 mentioned :
"You're setting the MIME type to video/mp4. If the browser can play that kind of video, it will do so. Change it back to application/octet-stream."
EDIT:
You could also try to set this in your .htaccess file:
AddType application/octet-stream .mp4
And then change it back to application/octet-stream.
Try this.
A while ago trying to make a small application and the download tag just worked for me in Chrome. Like this:
Download
I have written a PHP page which reads a file and does echo it after adding some headers:
header('Content-disposition: filename="' . $fname . '"');
header('Pragma: no-cache');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header("Content-type: $AttachFileType");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($ffullname));
echo file_get_contents($ffullname);
This piece of code does well on local test, but when porting to the server, the response is not as expected. For example when I want to retrieve a png file, I get the below image on local test:
while server test outputs this one:
As I have investigated, the only difference of them is 4 additional headers on server response. Local test response headers:
Cache-Control: must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-disposition: filename="attachment_hrmstotal_generalskills_6.png"
Content-Length: 2401
Content-Transfer-Encoding: binary
Content-Type: png
Date: Wed, 23 May 2018 04:45:02 GMT
Expires: 0
Keep-Alive: timeout=5, max=97
Pragma: public
Server: Apache/2.4.27 (Ubuntu)
and server response headers are these:
Cache-Control: must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-disposition: filename="attachment_hrmstotal_generalskills_1.png"
Content-Length: 184450
Content-Transfer-Encoding: binary
Content-Type: png
Date: Wed, 23 May 2018 04:40:56 GMT
Expires: 0
Pragma: public
Server: nginx/1.8.0
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
The last four headers is the difference. What is the problem, its reason and how to solve it?
Your content-type should be Content-type: image/png
I'm experimenting with Comet and I'm stuck with implementing it via a hidden IFrame ("forever frame".
This is my index.html:
<!DOCTYPE HTML>
<html>
<head>
<script type="text/javascript">
cometResponse = function() {
var debugOut = document.getElementById('debugOutput');
return function(response) {
debugOut.innerHTML = response.number;
}
}
</script>
</head>
<body>
<div id="debugOutput"></div>
<iframe src="comet.php"></iframe>
</body>
</html>
And this is the comet.php file:
<?php
set_time_limit(0);
header('Content-Type: text/html');
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Transfer-Encoding: chunked');
flush();
ob_flush();
$response = '<script type="text/javascript">
parent.cometResponse({
number: %1$d
});
</script>';
for ($i = 0; $i < 2; $i++) {
sleep(1);
$data = sprintf($response, $i);
$output = strtoupper(dechex(strlen($data)))."\r\n".$data."\r\n";
echo $output;
flush();
ob_flush();
}
echo "0\r\n\r\n";
After loading the page, the browser seems to "wait" for the response. After a few seconds, Firebug shows an empty response with these response headers:
HTTP/1.1 200 OK
Date: Mon, 26 Jul 2010 09:34:04 GMT
Server: Apache/2.2.14 (Win32) PHP/5.2.12
X-Powered-By: PHP/5.2.12
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-2
Since the response is treated as empty, the tag that should be in the response doesn't get executed either.
However, if I remove the "Transfer-Encoding: chunked" header, the content is sent to the browser correctly but all in one big piece at the end of the script, as expected.
I just can't find what's going wrong here.
Two guesses:
Content-Encoding: gzip
Maybe mod_gzip does not work correctly?
Have you tried on annother host?
Maybe Firefox ignores the code, if
it is not within < html>
This might help someone else, here is how I solved it:
<?php
header('Content-Encoding: chunked');
header('Transfer-Encoding: chunked');
header('Content-Type: text/html');
header('Connection: keep-alive');
header('Cache-Control: no-cache, must-revalidate');
flush();
set_time_limit(0);
function chunk($data) {
echo sprintf("%x\r\n%s\r\n", strlen($data), $data);
flush();
ob_flush();
}
// Code to output data here.
// The following loop is an example.
for($i = 0; $i < 5; $i++) {
chunk('<script type="text/javascript">window.top.test();</script>');
sleep(1);
}
chunk('');
?>
It needed an empty chunk at the end of the output.
Then you can simply output data by calling the function chunk like this:
chunk('data');
I have this code set up that lets a user download a file through my server from a URL they specify. The file streams through using readfile() so it only uses my bandwidth.
<?php
set_time_limit(0);
$urlParts = explode("/", $_SERVER['PHP_SELF']);
$file = $urlParts[3];
header("Cache-Control: public, must-revalidate");
header("Pragma: hack");
header("Content-Type: application/force-download");
header('Content-Disposition: attachment; filename=' . $file);
header("Content-Transfer-Encoding: binary\n");
readfile($file);
?>
This script works, but it does not change the CRC hash of the downloaded file. What I want it to do is append some random bits to the end of the file so it can change the hash without corrupting it. I have tried adding something like echo md5(rand() . time()); to the end of the script but it doesn't work.
If this is possible with something like cURL I'd appreciate if someone could put up some code samples, because i'd switch to cURL if this was possible.
Thanks for your help.
Hmm, your code works for me:
test.php:
set_time_limit(0);
$urlParts = explode("/", $_SERVER['PHP_SELF']);
//$file = $urlParts[3];
$file = 'toread.txt';
header("Cache-Control: public, must-revalidate");
header("Pragma: hack");
header("Content-Type: application/force-download");
header('Content-Disposition: attachment; filename=' . $file);
header("Content-Transfer-Encoding: binary\n");
readfile($file);
echo md5(rand() . time());
?>
toread.txt:
This is the content of toread.txt
Now using curl, I get the following results:
>curl -i http://example.com/test.php
HTTP/1.1 200 OK
Date: Tue, 04 Mar 2014 07:09:39 GMT
Server: Apache
Cache-Control: public, must-revalidate
Pragma: hack
Content-Disposition: attachment; filename=toread.txt
Content-Transfer-Encoding: binary
Transfer-Encoding: chunked
Content-Type: application/force-download
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0
This is the content of toread.txt38d8a8009fad7315bdf5e823a06018e7
And the second one:
>curl -i http://example.com/test.php
HTTP/1.1 200 OK
Date: Tue, 04 Mar 2014 07:09:57 GMT
Server: Apache
Cache-Control: public, must-revalidate
Pragma: hack
Content-Disposition: attachment; filename=toread.txt
Content-Transfer-Encoding: binary
Transfer-Encoding: chunked
Content-Type: application/force-download
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0
This is the content of toread.txt3b87356ea9ee007b70cfd619e31da950
Here is my issue. I am trying to call a page: foo.php?docID=bar and return a PDF to the screen which is stored as a BLOB in the DB.
Here is the portion of my code which actually returns the PDF:
$docID = isset($_REQUEST['docID']) ? $_REQUEST['docID'] : null;
if ($docID == null){
die("Document ID was not given.");
}
$results = getDocumentResults($docID);
if (verifyUser($user, $results['ProductId'])){
header('Content-type: application/pdf');
// this is the BLOB data from the results.
print $results[1];
}
else{
die('You are not allowed to view this document.');
}
This works perfectly fine in Firefox.
However, in IE, it doesn't show anything at all. If i'm on another page (i.e. google.com), and I type in the URL to go to this page, it will say it's done, but I will still have google.com on my screen.
I checked the headers for the responses from both firefox and IE. They are identical.
Does anyone have any suggestions? Need more information?
EDIT: If it helps at all, here's the response header and the first line of the content:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 349930
Content-Type: application/pdf
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.1.2
Set-Cookie: PHPSESSID=cql3n3oc13crv3r46h2q04dvq4; path=/; domain=.example.com
Content-Disposition: inline; filename='downloadedFile.pdf'
X-Powered-By: ASP.NET
Date: Tue, 21 Apr 2009 16:35:59 GMT
%PDF-1.4
EDIT: Also, the page which pulls out the pdf file actually uses HTTPS instead of HTTP.
Thanks in advance,
~Zack
I figured out what the issue was. It's an IE bug dealing with IE, HTTPS and addons. (See here)
It was a caching issue. When I set:
header("Cache-Control: max-age=1");
header("Pragma: public");
(see here), the PDF was in cache long enough for the adobe reader add-on to grab it.
I had this issue too, i used the following which seems to work fine
header("Content-type: application/pdf");
header("Content-Length: $length");
header("Content-Disposition: inline; filename='$filename'");
Try this:
header("Content-Type: application/pdf");
header("Content-Disposition: inline; filename=foo.pdf");
header("Accept-Ranges: bytes");
header("Content-Length: $len");
header("Expires: 0");
header("Cache-Control: private");
Also, if you are using sessions, you can try setting
session_cache_limiter("none");
or
session_cache_limiter("private");
if ( USR_BROWSER_AGENT == 'IE' ) {
header( 'Content-Disposition: inline; filename="' . $name . '"');
header( 'Expires: 0' );
header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
header( 'Pragma: public' );
} else {
header( 'Content-Disposition: attachment; filename="' . $name . '"' );
header( 'Expires: 0' );
header( 'Pragma: no-cache' );
}
This was the only header I needed to change:
header("Pragma: public");
I think you need to add more headers.
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=THEFILENAME.pdf;");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . strlen($results[1]));