I'm setting up a script that'll download files from a URL with wget and make them available for download. I'd like to save them each with unique ID numbers, however the downloaded file must be called something different. How can I initiate a download of a file with a different name than is stored on the server?
Many thanks in advance.
You can use header
header('Content-Disposition: attachment; filename="downloaded.pdf"');
readfile("/path/to/file");
You can also have a counter that counts the number of files you are downloading and after you download each one you can rename the file name to xxxx1.dat, then you'll have xxxx2.dat, etc.
That will also allow you to know the order of the files, if that is of some interest to you.
Related
I have a system that holds files (attachments) for certain table rows. that means that the file names could be the same some times. i am trying to find a way to store the files in a way i can later on look for the row id, file name or file id and serve that file to download.
i had the following ideas.
for each row i will create a folder, in each of the row folder i will create another folder with the file id, and then inside that hold the file. now the issue with that would be handling the directories and sometimes permissions could also be an issue.
(i like this method more) have 1 folder with all the files, the file names will be composed of the row id, file id, and file name.
My question is lets say i used method 2 and the file name is something like: 12212.18.this is file name.jpeg
is there a way for me to serve this file just as :this is file name.jpeg
?
If there's a 3/4 methods you can think of that's better. would be great.
Thanks.
Use PHP to ope/read the file and then push it to the browser with whatever name you want.
header('Content-Disposition: attachment; filename="your_file_name.jpg');
You'll probably need to set other headers - e.g. Content-Type - so best to read up # http://us2.php.net/manual/en/function.header.php.
The Content-Disposition header will let you do that. But this is assuming that you want to offer files for users to download and save on their hard drives. If you just want to serve images to include on a webpage, why bother about the file name at all?
Are there any good open, premade libraries or other systems for a file download based on unique codes distributed to the user?
The idea here is to generate a set of codes, that lets each user use his code to download a file. Preferably with a customizable limit to times downloaded and/or time limit.
if not, good ideas on how to implement this will be appreciated.
For generating those codes, you can use a function that generates a random string or simply the PHP's native rand() function. Then you create a table in the db that features the code you generated and the location of the file associated with it.
The download.php file should be called like this : download.php?hash=generated_code
And look like this:
<?php
// Retrieve filename and file location on the disk from the db
header('Content-disposition: attachment; filename='.$sql_response['filename']);
readfile($sql_response['filelocationondisk']);
?>
Also you can restrict download limits using cookies or counting the amount downloaded by IP in the database.
Good evening.
I am using Yii framework and mPDF library to generate some PDF files via Ajax script and I need to force "save as" dialogue in users' browsers.
I know how to solve this issue with a single user dowloading a single file.
Does anyone have a tip on how could I make it all work on high-load system (e.g. several users trying to generate and download a PDF will attempt to access one temp file which would cause an error)?
Should I generate a separate file for each session? And which way would be nice for cleaning these temp files?
Thank you for your help.
you should use tempnam http://www.php.net/manual/en/function.tempnam.php to generate the temp files. they'll be uniquely named, so it'll be easy to make one per session. Just delete as normal when you're done with them.
Make an invisible iframe. From JS set that iframe's src to the script on your server that generates the PDF.
<iframe src="http://yoursite.com/download-file.php?report=pdf¶m1=value1¶m2=value2..." width="1" height="1"></iframe>
Then (and I'm not sure how you do this with mPDF) the point is to output the file from script directly into the browser. It's something like this:
<?php
$x = some_function($_GET['param1'],$_GET['param2', ...); // PDF GEN. ROUTINE, BASED ON REQUEST DATA, HOWEVER YOU DO IT
header('Content-type: application/pdf');
echo $x;
That should solve all your concerns.
First of all, I'd recommend you to generate a different temp file for each generated PDF, in order to avoid any possible error like one user downloading somebody else's PDF, etc.
To clean up the temp directory, I'd use a cronjob that deletes all files older than N days.
In order to "force save dialog", you have to set the Content-disposition header to attachment:
header('Content-Disposition: attachment; filename="myfile.pdf"');
I'm building a file sharing site, and I'm thinking, I want my users to be able to upload and share anything.
Sounds dangerous, I know. But, is there a method to allow this to be possible? For example, forcing the download when the user requests the link with a mime type? Rather than "running" something on the page.
Any ideas how to allow any file type without the security issue.
Thanks
Store the file on a location not accessible by the user through the browser. (so above the document root)
when loading a file, use the readfile() function.
Set correct headers, including these:
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=[INSERT FILENAME HERE]");
And also use the correct content-type header for each type of file
If you only want it to be dangerous to other users (as they will be sharing virus ridden files in no time), but provide some protection for your web server from code injection attacks, you might consider storing the uploads in a database BLOB field. That should at least make it harder to inject code that will run on the server.
You can allow users to upload anything by using a simple HTML multipart form along with PHP's $_FILES. Only issue I see is file size limits.
You than can simply post a link to any of these files. It's the user's browsers settings that determine if a file is executed or downloaded, not yours. So you can suggest that they right click on them, and select 'save to', but besides that it's limited.
Any ideas how to allow any filetype without the security issue.
You say it yourself. It's like wanting to make scrambled eggs, without wanting to break the eggs.
Writing a small app that (among other things) lets users upload a file (like an image, a .doc or a text file) as part of their posting/submission.
Our current prototype just dumps the file into /{app_root}/files/, but of course, anyone can get to that even if they are not logged in or using the system. The goal is to only grant access (view access) to the files if user is logged in and does in fact have access to the post that the file belongs to.
So, in short, I am looking for a good way to do this.
I am thinking of either creating a folder outside the /web/ (http) folder and then having PHP render it somehow using header() commans, or, maybe just dumping the file into the database? I have never done either one, however.
While I suspect I can figure it out eventually, there are just too many smart people on here that I was figuring someone will know of some sort of existing class or function library that does this already?
You have to do the following:
Move all the files out of the webroot. You could disable access to the folder with .htaccess, but it is not worth the hassle and potential security risk. Just move it out there.
Keep a table of the files uploaded, storing the user's original file name there. Rename the file to $id.$ext and so on. In short, you don't want to use the user's file name in your system.
Have a script, download.php or whatever, get the file's ID, verify who is logged in, and if everything checks out, fetch the file, read it out to the browser, and send the appropriate download headers.
These headers would be something like:
header('Content-type: application/octet-stream');
header('Content-disposition: attachment; filename=usersuppliedname.txt');
header("Content-Length: " . filesize('../safefiles/1.txt'));
header("Content-Transfer-Encoding: binary");
readfile('../safefiles/1.txt');
exit;
You can then get more fancy if you want to allow resuming files and such, but the above should do it.