im working on a content management system for that i have to download a php file using php code without executing. any one can help me on this
it is some thing like ftp. i have added the options to upload, edit and download a file. it is working fine. but while downloading a php file it is executed instead of downloading...
What i tried is:
<?php
$file = $_REQUEST['file_name'];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
include_once($file);
exit;
}
?>
You have to load the files content, write the content to the request and set the headers so that it's parsed as force download or octet stream.
For example:
http://server.com/download.php?name=test.php
Contents of download.php:
<?php
$filename = $_GET["name"]; //Obviously needs validation
ob_end_clean();
header("Content-Type: application/octet-stream; ");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ". filesize($filename).";");
header("Content-disposition: attachment; filename=" . $filename);
readfile($filename);
die();
?>
This code works without any modification. Although it needs validation and some security features.
The server somehow identifies file that should be executed instead of downloaded. You have to exclude the .php file you want to download from that handling. The easiest is probably to rename the file to .php.txt.
Otherwise you should be able to configure the server to not process that particular file, or the path were it is located. How you do that depends on which server you are running.
If such php file is located on the same server/website, then just open it as normal file, e.g. $fileContents = file_get_contents($filename);
If file is on another server, you have few possible options:
1) Access it via FTP (if you have login details and access)
2) Have special URL Rewrite rule on that server which will instruct web server to send file as plain text instead of executing it (e.g. somefile.php.txt)
3) Have special script on that server and by passing file name as a parameter it will return content of that file (e.g. http://example.com/showfile.php?file=somefile.php)
This is how to download a php file instead of executing it.
Trust me it works! ..download the file php with own risk :)
<?php
function downloadThatPhp($nameOfTheFile)
{
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/text/x-vCard");
header("Content-Disposition: attachment; filename=".basename($nameOfTheFile).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($nameOfTheFile));
#readfile($nameOfTheFile);
exit(0);
}
// and this how to use:
// download that php file with your own risk :)
$file = $_REQUEST['file_name'];
$downloadThis = "http://domain-name.com/".$file;
if (file_exists($file)) {
downloadThatPhp($downloadThis);
}
?>
Hope this helps you bro :)
You can read alot about it on php.net/header, but to force a download, you can use a force-download header. This comment is amazing, check it out! :-)
if someone is looking to do this in his/her .htaccess file:
Header set Content-Disposition attachment
AddType application/octet-stream .php
or
<FilesMatch "\.(?i:php)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Related
So, I need a little help here. I have a site which hosts some mp3s. When users click on the download url, it links directly to a file called downloadmp3.php, which goes 2 parameters in the url...the php file is included below, and it's basically supposed to FORCE the user to save the mp3. (not play it in the browser or anything).
That doesnt happen. Instead, it seems like the file is WRITTEN out in ascii to the browser. It seems like it's the actual mp3 file written out.
Here is my downloadmp3.php file...please, what's wrong in this code.
It works on my local LAMP (Bitnami Wampstack on windows)....that is, on my local testing environment, it sends the file to my broswer, and I can save it. When I upload it to the real server, it basically writes out the mp3 file.
Here is the culprit file, downloadmp3.php...please help
<?php
include 'ngp.php';
$file = $_GET['songurl'];
$songid = $_GET['songid'];
increasedownloadcount($songid);
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: audio/mpeg');
header('Content-Disposition: attachment; filename=' . basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
ob_clean();
flush();
readfile($file);
exit;
}
?>
By the way, this site only hosts mp3s - no other audio or file format. So, this downloadmp3.php script should ideally ask the user where they want to save this file.
Thanks for your help in advance.
I think the filename should be in quotes:
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
Change the content-type value to text/plain. With this browser wont recognize it and wont play the file. Instead it will download the file at clients machine.
Seems there is too many headers. I am sure they do SOMETHING... but this code works.
This code works with MP3 files.... downloads to a file. Plays without a problem.
if(isset($_GET['file'])){
$file = $_GET['file'];
header('Content-type: audio/mpeg');
header('Content-Disposition: attachment; filename=".$file.'"');
readfile('path/to/your/'.$file);
exit();
}
You can access it with ajax call, or this:
<a id="dl_link" href="download.php?file=<>file-you-wish-to-download<>" target="_blank">Download this file</a>
Hopefully this is of some use
I am using the following headers to force a download but I need to try and have the browser display certain files like PDF's and JPG's if that is the file type, finding the exntension is easy enough but how can I alter these headers to open the file in the browser?
header("Content-Description: File Transfer");
header("Content-type: application/octet-stream");
$header="Content-Disposition: attachment; filename=".$filename.";";
header($header);
header("Content-Transfer-Encoding: binary");
header("Expires:0");
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header("Content-length: $filesize");
In order to display a file in the browser, you'll need to use the correct MIME type. You can set it yourself based on file extension, or you can use the finfo module:
function getContentType($filename) {
$finfo = new finfo(FILEINFO_MIME);
return $finfo->file($filename);
}
header("Content-Type: " . getContentType($filename));
Without this, the browser will probably assume that it can't handle the application/octet-stream content, and force a download anyway.
You should also only send the Content-Disposition header if you want to force the file to be downloaded. If you remove that header, then the browser can decide if it should display the file or download it.
Here is my problem. I am trying to download a file using header. Here is my code:
$content_type = mime_content_type('uploads/MyBBIntegrator_v1.3.1.zip');
$file = 'uploads/MyBBIntegrator_v1.3.1.zip';
header("Cache-Control: public");
header('Content-type: application/octet-stream');
header("Content-Description: File Transfer");
header('Content-Disposition: attachment; filename="MyBBIntegrator_v1.3.1.zip');
header("Content-Transfer-Encoding: binary");
header('Expires: 0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile('uploads/MyBBIntegrator_v1.3.1.zip');
However, the only result of this is that the page displays the contents of the file (it is a text file) or a string of strange symbols if the file is image/zip/exe etc
What should I do to solve this problem?
First of all, mime_content_type() is deprecated, you should try another method to fetch the MIME value.
I have checked your code and it works fine on my server, and it works fine for me. You should check for INI directives which might block the download. Try a fresh install server.
Also, there should be no output generated by the script before the snippet you put into your question.
I have an excel file that i want a user to be able to download from my server. I have looked at a lot of questions on here but i cannot find a way to correctly download the file w/o corruption. I am assuming it is the headers but i haven't had a working combination of them yet. This is what i have right now and in the corrupt file that i receive i can see the column names of the spreadsheet i want but its all messed up.
$filename = '/var/www/web1/web/public/temporary/Spreadsheet.xls';
header("Content-type: application/octet-stream");
header("Content-type: application/vnd-ms-excel");
header("Content-Disposition: attachment; filename=ExcelFile.xls;");
header("Pragma: no-cache");
header("Expires: 0");
readfile($filename);
edit: Solution I forgot to add that i was using Zend and it was corrupting the files when trying to use native php methods. My finsihed code was to place a link to another action in my controller and have the files download from there
public function downloadAction(){
$file = '/var/www/web1/web/public/temporary/Spreadsheet.xls';
header('Content-Type: application/vnd.ms-excel');
header('Content-Disposition: attachment; filename="Spreadsheet.xls"');
readfile($file);
// disable the view ... and perhaps the layout
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
}
try doing it this way
ob_get_clean();
echo file_get_contents($filename);
ob_end_flush();
For one, only specify Content-Type once. You can use the excel-specific header but the generic application/octet-stream may be a safer bet just to get it working (the real difference will be what the browser shows the user with regards to "what would you like to open this file with", but basic browsers can rely on the extension as well)
Also, make sure you specify Content-Length and dump the size (in bytes) of the file you're outputting. The browser needs to know how big the file is and how much content it's expecting to receive (so it doesn't stop in the middle or a hiccup doesn't interrupt the file download).
So, the entire file should consist of:
<?php
$filename = '/var/www/web1/web/public/temporary/Spreadsheet.xls';
header("Content-Disposition: attachment; filename=ExcelFile.xls;");
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($filename));
header("Pragma: no-cache");
header("Expires: 0");
#readfile($filename);
$file_name = "file.xlsx";
// first, get MIME information from the file
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $file_name);
finfo_close($finfo);
// send header information to browser
header('Content-Type: '.$mime);
header('Content-Disposition: attachment; filename="download_file_name.xlsx"');
header('Content-Length: ' . filesize($file_name));
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
//stream file
ob_get_clean();
echo file_get_contents($file_name);
ob_end_flush();
I've been wrestling around with this for awhile now. I am trying to make it so when a user click a link it will force a download. Here's my code so far:
<?php
function Download()
{
$fullpath = $_SERVER['DOCUMENT_ROOT']."front.dwg"; //Full path of document
$filename = "front.dwg"; //Document file nmae
$mm_type="application/octet-stream";
header("Cache-Control: public, must-revalidate");
header("Pragma: hack");
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($fullpath)) );
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Transfer-Encoding: binary\n");
}
?>
<html>
<body>
Test
</body>
</html>
Your going to need to pull out your function and save it as "download.php"
Then just have a link that goes to it:
<a href="download.php">
Download.php should look like this:
$fullpath = $_SERVER['DOCUMENT_ROOT']."front.dwg"; //Full path of document
$filename = "front.dwg"; //Document file nmae
$mm_type="application/octet-stream";
header("Cache-Control: public, must-revalidate");
header("Pragma: hack");
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($fullpath)) );
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Transfer-Encoding: binary\n");
PHP is not a client-side function. You can't say onclick="somePHP".
You need a separate PHP script where you will force your download in, and simply link to that script.
In this script, you also need to actually output the file contents.
You need to set the appropriate calls to header first. These have worked for me:
header('Pragma: public'); // required
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private', false);
header("Content-disposition: attachment; filename=\"{$filename}\"");
header("Content-Type: {$mime}"); // also works with file extension
header('Content-Transfer-Encoding: binary');
header('Content-Length: '.filesize($filename));
readfile($filename);
die();
You can never FORCE a download. You can change the window location to the download file and it will prompt them, but if you could force downloads, there would be some major security issues.
First, your $fullpath may not contain the data you expect, because you did not insert a forward slash ('/') before the filename. This is correct:
$fullpath = $_SERVER['DOCUMENT_ROOT']."/front.dwg";
You can check the contents of $fullpath using error_log( "Fullpath: $fullpath" ); or echo "Fullpath: $fullpath\n".
Second, you need to make the PHP portion of your code a standalone script. You will not be able to embed PHP function calls in Javascript. All of your PHP executes before the Javascript runs, so you need a way to call the PHP separately.
Third, you should verify that the file exists and is readable using file_exists() and is_readable(). If PHP reports that the file does not exists, you should specify the full path. If it is not readable, you can change the file permissions to allow your PHP script to read it.