I want to download a doc file located at http://confluence.rogersdigitalmedia.com/exportword?pageId=1114407. How can I modify the following code to download a file from that URL??
And can someone please explain what this code does in its current state, what does it download, a file from a directory?
<?php
// place this code inside a php file and call it f.e. "download.php"
$path = $_SERVER['DOCUMENT_ROOT']."/path2file/"; // change the path to fit your websites document structure
$fullPath = $path.$_GET['download_file'];
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
// example: place this kind of link into the document where the file download is offered:
// Download here
?>
This code is supposed to download files through PHP. Usually, it's used to hide the directory containing the downloads, or to download files which were otherwise inaccessible because the files are outside the web root. Another use for such a script is to offer downloads for authorized users, you'd have to put an authentication check in the script.
If the file has a PDF extension, the download is offered as with the PDF mimetype, so browsers can open it in a PDF viewer. Other files are offered as binary files which can be saved.
Do not use this script "as-is". It contains a huge security vulnerability which allows an attacker to view arbitrary files on your system (Path traversal). Replace line:
$fullPath = $path.$_GET['download_file'];
with the following to make it a bit more secure:
$fullPath = $path . basename($_GET['download_file']);
Even better: implement whitelisting by allowing filenames within an allowed character set and rejecting other invalid filenames.
Downloading an external file is as easy as following the example of cURL:
<?php
$ch = curl_init("http://www.example.com/");
$fp = fopen("example_homepage.txt", "w");
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
fclose($fp);
?>
Since I've no clue about the URL of your download, I'll leave the original URLs and filenames from the PHP example.
This code is something you put on your own server to allow people to download files through PHP. Usually you'd add some authentication code in there so PHP can accept/reject the user before downloading.
Related
Here I have some code, it does as it says and downloads, however only downloads a white blank empty file, and I am trying to use this one Wordpress and must be without a plugin. The script works, but its not downloading any information onto the PDF document, its just a white blank page here is the code, looking for a solution to added Wordpress post to the document, here is the link and the code, ideally I want it to download the page in which the link is executed.
HTML Link
Download file
download.php
<?php
ignore_user_abort(true);
$path = ""; // change the path to fit your websites document structure
$dl_file = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_GET['download_file']); // simple file name validation
$fullPath = $path.$dl_file;
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf");
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a file download
break;
// add more headers for other content types here
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
break;
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
?>
DO NOT USE THE CODE ABOVE!
It not only doesn't convert anything into PDF but also allows the world to download arbitrary files readable by the webserver as plaintext. So one could download your mysql database credentials or your FTP password if set in wp-config.php.
Explanation: the code doesn't convert anything. It just takes the content of an arbitrary file and outputs it with a PDF or octet-stream content type. Take a text editor and look at the "PDF" you downloaded.
It looks like you haven't to set the line
$path = ""; // change the path to fit your websites document structure to the full path pointing to some_file.pdf.
I am trying to add the PHPPowerPoint to one of my tools. I add all the file that PHPPowerPoint needs and write the download link to the right page but when I try to download it, it say to me that I don't have the permit to access to the file.
I tried to change the permit manually but nothing change, also beacuse everytime PHP create a new file with the default permit.
I tried to use chmod on it but nothing change.
I tried also chgrp and chown to change the owner (that is "daemon").
It's weird because when I use it out from the tool, with only the code to create the PP file everything works also with this permit.
The tool where I want to add the PP file download was coded with codeigniter.
Here's how to write a PHPPowerPoint object to the browser and have the user download it. It doesn't ever write to the file system, so there's no need for write permissions.
$ppp = new PHPPowerPoint;
// create the powerpoint, adding slides, content, etc.
// ...
// done
// set up the writer
$pppwriter = PHPPowerPoint_IOFactory::createWriter($ppp, 'PowerPoint2007');
// tell the browser a powerpoint is coming
header('Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation; charset=binary');
// make sure it downloads as $filename
header("Content-Disposition: attachment; filename={$filename}");
// output the powerpoint file data
$pppwriter->save('php://output');
you can use the download helper
The Download Helper lets you download data to your desktop.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('download');
The following functions are available:
force_download('filename', 'data')
Generates server headers which force data to be downloaded to your desktop. Useful with file downloads. The first parameter is the name you want the downloaded file to be named, the second parameter is the file data. Example:
$data = 'Here is some text!';
$name = 'mytext.txt';
force_download($name, $data);
If you want to download an existing file from your server you'll need to read the file into a string:
$data = file_get_contents("/path/to/photo.jpg"); // Read the file's contents
$name = 'myphoto.jpg';
force_download($name, $data);
I done the functionality for downloading .pdf file as it is in core php,
Here is a sample code for it
$path = "path of your file";
$fullPath = $path.$_GET['fnm'];
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
Just change file extension pdf to ppt(wherever pdf extension occurs).
So I'm trying to develop a site for personal use and so far I've got a Google Analytic account and some basic infrastructure. I would like to have a download function for which I have a script which I managed to acquire from another question on this site, however I can't seem to find an efficient way to call the tracking.php within the download script. I have been unsuccessful in the sense that GA will pick up the request but the file will be downloaded in random gibberish on a separate tab.
Here is the download script I am using at the moment:
<?php
$path = $_SERVER['DOCUMENT_ROOT']."/store/files/";
$fullPath = $path.$_GET['id'];
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf");
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\"");
break;
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private");
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
?>
The Google Analytics tracking code (tracking.php) is in another separate PHP file within the same directory. I have attempted using the exec and include functions but to no avail.
Any ideas on how I may correct this issue?
You would probably go around this with some event tracking.
Basically, instead of trying to track within the download, track that the user clicked the download link:
Download
Im trying to make a script to download images from my localhost. Just for a schoolproject.
I get the filename via the url ("$_GET['file']"). Then i run this script. Every time the file is damaged and can't be viewed. I want to download images, but when i tried a word document it also was damaged. This is my code:
<?php
//get file
$file = $_GET['file'];
//set path of file
$path = $_SERVER['DOCUMENT_ROOT']."/blackbox/mediafiles/";
$fullPath = $path.$file;
if ($fd = fopen ($fullPath, "r")) {
$path_parts = pathinfo($fullPath);
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // fore a download
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
}
header("Cache-control: private"); // open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
fclose ($fd);
exit;
?>
Anybody has and idea what goes wrong?
Thanks in advance!!
Try opening the file explicitly in binary mode:
if ($fd = fopen ($fullPath, "rb")) {
As the documentation on fopen states:
Windows offers a text-mode translation flag ('t') which will
transparently translate \n to \r\n when working with the file. In
contrast, you can also use 'b' to force binary mode, which will not
translate your data. To use these flags, specify either 'b' or 't' as
the last character of the mode parameter.
The default translation mode depends on the SAPI and version of PHP
that you are using, so you are encouraged to always specify the
appropriate flag for portability reasons. You should use the 't' mode
if you are working with plain-text files and you use \n to delimit
your line endings in your script, but expect your files to be readable
with applications such as notepad. You should use the 'b' in all other
cases.
If you do not specify the 'b' flag when working with binary files, you
may experience strange problems with your data, including broken image
files and strange problems with \r\n characters.
You can use readfile instead of manually reading file and outputting.
Also, please note, that $_GET['file'] can contain '../' and open any file, which is a security risk. Use the basename function (if all files are in the same directory) or restrict access to files outside the mediafiles directory
<?php
//get file
$file = $_GET['file'];
//set path of file
$path = $_SERVER['DOCUMENT_ROOT']."/blackbox/mediafiles/";
$fullPath = $path. basename($file);
if (is_readable($fullPath) {
$path_parts = pathinfo($fullPath);
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // fore a download
header("Content-type: application/octet-stream");
header("Content-length: " . filesize($fullPath));
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
header("Cache-control: private"); // open files directly
readfile($fullPath);
}
exit;
?>
At first its not your answer. But you should really look at Security in PHP. On Your script you can access all files over the GET Parameter and DOCUMENT_ROOT.
Don't trust a user.
You should filter your variables at first or map them with a known list of files before deliver them to a user.
PHPSec
Either something is throwing an error from PHP, or you have leading whitespace before the opening tag in the file (<?php).
Do two things:
Make sure the < of <?php is the first character in the file. Make sure your script doesn't have a byte order marker in it.
Add these lines to the top of the script: error_reporting(0); ini_set('display_errors', 0);
Note that if disabling errors fixes your problem it means that there is an error which needs to be fixed, it is not a final solution to the problem!
Using readfile() is also shorter, safer and more efficient than opening a file pointer and looping it.
I need my server to act as a proxy between a 3rd party server (where the file is originally located) and the end user. That is, my server downloads the file from the 3rd party server, and sequentially, the user downloads it from my server. This should result in an incurred bandwidth of twice the file size. How can this process be achieved using PHP?
Very very simply like this:
$url = $_GET['file'];
$path_parts = pathinfo($url);
$ext = $path_parts['extension'];
$filename = $path_parts['filename'];
header("Content-type: application/$ext");
header("Content-Disposition: attachment; filename=$filename");
echo file_get_contents($url);
If the file is larger than a few megabytes, use fopen fread and frwrite download the file in chunks and send to the client in chunks.
$fp = fopen($url, 'rb');
foreach (get_headers($url) as $header)
{
header($header);
}
fpassthru($fp);
exit;
This will simply download a remote file to the browser with correct headers.
file_get_contents() will not load the page until the entire file is downloaded to memory
readfile() will show the page right away yet continue downloading the file in memory, streaming it to the client
Example usage using an EXE:
$url = "https://path/to/file.exe";
$filename = "SaveAsFile.exe
header("Content-Disposition: attachment; filename=$filename");
readfile($url);