I am trying to send files by using X-Sendfile directive in lighttpd.
My php code is;
header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=" . 's.php');
header("Content-Length: ". filesize("/home/web/domain/htdocs/download.php"));
header( "X-Sendfile: /home/web/domain/htdocs/download.php");
(I am sending download.php file just for testing purpose)
However, I get blank file no matter what I try. If I change the filename, I get;
2010-08-30 18:01:14: (mod_fastcgi.c.2587) send-file error: couldn't get stat_cache entry for: /home/web/domain/htdocs/downloa1d.php
So, it is working, but when I send the correct file it does not give any error in the logs and the browser downloads an empty file.
What could be wrong? What should I do?
It is likely that you don't have the right line in your lighttpd.conf file.
Add this in your fastcgi.server between the options with => arrows:
"allow-x-send-file" => "enable",
All but the last option end with commas.
I assume that you have your fastcgi already configured. If you are using a different framework for connecting PHP to your server, I can't help you.
If you have more than one PHP worker process, you must add that option to all of them.
I should add that .php files are small in size and outputting them with readfile() won't make a dent.
And, as I see it, you are using some non-critical headers wrongly. There is no such thing as force-download, it will just behave like an unknown file type. Use application/octet-stream. And your Content-Disposition is also shaky. Not only in that weird string enclosing. What the client should get is:
Content-Disposition: attachment; filename="My file ♥.txt"
The file name is surrounded by double quotes and it is NOT escaped; instead, it is either in UTF-8 or in the encoding of the calling page (this is a dirty grey area where every browser acts differently). You don't even have to include the file name to be on the safe side if you are satisfied with the downloading path. Then, it will look like this:
Content-Disposition: attachment
You can then use a pseudo-directory trick to supply a less buggy file name:
www.example.com/download.php/Custom%20Name.txt
This will work more reliably than that filename= parameter, but takes more planning in the link system. It may require you to do some redirecting.
OK this is an old post, but I'm going to reply anyway 'cause I was stuck on this too for way too long and I didn't find my solution anywhere so here I go:
Yeah I edited lighttpd.conf and added
fastcgi.server += ( ".php" => (( "allow-x-send-file" => "enable" )) )
and used
Header("X-LIGHTTPD-send-file: /path/filename");
in the PHP test page. But it didn't work. It took me a while to figure out I also had a PHP definition in
etc/lighttpd/conf-enabled/15-fastcgi-php.conf
After I added the option in there it worked :)
Related
I am working on a "simple" shopping cart app that allows users to purchase downloadable products. I am interested in creating a link to a digital product without revealing the full URL to the end user. I have searched other solutions here and understand the basics of making a "download.php" file that references the product ID, stored as a HASH type value in the DB, that can then be referenced to get the actual URL of the file.
However, there are some formatting issues that I've bumped into that others might find interesting:
The following link is an example: Download files from server php
It shows the following code as the headers of the downloadable document (Referencing a PHP variable):
header("Content-Disposition: attachment; filename=$file");
Another example of that is here: Start a download with PHP without revealing file URL
readfile($file);
However, if you look at the PHP HEADERS documentation here: PHP - HEADERS Documentation
You'll notice that all of the arguments passed are wrapped in single quotes:
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');
readfile('original.pdf');
Those who are particularly gifted in attention to detail will also notice that the Content-Disposition argument has the filename wrapped in double quotes . . . with the full argument wrapped in single quotes.
If I followed the code in the above examples (leaving out the single and/or double quotes) the file seems to be corrupted, missing, or just fails to load. So how do I fix this?
To get this working in my own code, I needed to wrap my PHP variables in either single or double quotes (and sometimes doubled single quotes) as shown below:
header('Content-Type:'.$ctype.'' );
header('Content-Disposition: attachment; filename="'.$fname.'"');
readfile(''.$filepath.'');
When entered this way, I was able to download the files without corruption or issue. Please let me know if you are aware of a better way of doing this.
However, when I used the coded above it also allowed me to NOT use the
ob_clean();
ob_end_flush();
commands in my code. In fact if I add them now . . . it seems to corrupt my files too. Weird.
Another potential GOTCHA is that if you attempt to download a TXT file, and you have a PHP "echo" statement anywhere in your "download.php" file, the contents of the ECHO statement will be appended to the TXTY file that's downloaded. So just something to be careful of.
This ECHO statement may also be appended to the headers of other documents types as well, but it didn't seem to affect the ability of the file to open in my limited testing. But again, be careful out there! :)
I have a file with no extension on it, but I know it's a tiff. I want to be able to download this file via PHP.
I created a page with a link to another php page, which has the following content:
<?php
$imgPath = 'http://server/23700-b074137f-eb5c-45d6-87c2-13c96812345b';
header("Content-disposition: attachment; filename=invoice.tiff");
header("Content-type: image/tiff");
readfile($imgPath);
?>
When I click the link, I get a prompt to download invoice.tiff, but it's 0 bytes.
However, if I rename the file on the server to 23700-b074137f-eb5c-45d6-87c2-13c96812345b.tiff (and change the $imgPath), it works.
How do I accomplish this without renaming the file to include the extension?
It's possible the 'tiff' extension is registered as a known file type on the server, so when you rename and request the tiff it's permissions will allow you to open it. However, with no extension, the security is probably stopping you from reading it, as mentioned by 'Mike B' above. To check this try just entering the file name in your browser address bar and see if it opens, both with and without the 'tiff' extension. There is no workaround for getting past the security issue, short of changing the severs security which would be very bad.
You are retrieving the file from a URL, therefore activating the 'fopen wrappers' in readfile. In general, you should not do this, especially when working locally since it invokes a lot of unnecessary overhead and (in this case) unwanted 'magic' behaviour.
Just use readfile on the local path to the file, and it'll be fine, or use die(file_get_contents($imgPath)) instead of the last line to circumvent PHP's native behaviour.
It works for me:
$imgPath = 'http://server/23700-b074137f-eb5c-45d6-87c2-13c96812345b';
$f = fopen($imgPath, "r");
header("Content-disposition: attachment; filename=invoice.tiff");
header("Content-type: image/tiff");
fpassthru($f);
You should also add the content-length header like so:
// untested code
header('Content-Length: '.strlen(stream_get_contents($imgPath)));
I have a simple form that, when posted back, calls a function to initiate a download. The path and file name are pulled from the database then I'm using headers to start the download. My code for the download is:
//START DOWNLOAD
header('Content-type: "application/octet-stream"');
header('Content-Disposition: attachment; filename="'.$FILE_PATH.$FILE_NAME.'"');
header("Content-Transfer-Encoding: binary");
header("Connection: close")
In the example above, the $FILE_PATH variable is /downloads/software/ and the $FILE_NAME variable is client-installer.exe. So, what I would expect is a file called client-installer.exe (approximately 70MB) to be downloaded to the client. Instead, I get a file called _downloads_software_client-installer.exe and approximately 10KB.
I thought maybe I needed to urlencode the file path/name but that didn't fix the issue either. So I'm left thinking perhaps I have something wrong with the header but can't seem to find it.
Thank you!
The filename header just denotes what the file should be called. It must contain only a filename, not a path. The internal path on the server's hard disk is irrelevant and of no interest to the client. Your server will have to output the actual file data in the response, the client can't take it from the server given the path.
See readfile.
I have a page in my site, displaying some images that are produced my PHP. When I right click on an image and click Save Image As I get as default name the name of the php file used for generating the image.
This is for example the html for the image :
<img src="picture_generator.php?image_id=5&extension=.png">
and the name I get is:
picture_generator.php.png
Is there a way to set this name to a default one?
Thanks in advance
You can provide it in the Content-Disposition HTTP header:
header('Content-Type: image/png');
header('Content-Disposition: inline; filename="' . $filename . '"');
However, some browsers (namely Internet Explorer) are likely to ignore this header. The most bullet-proof solution is to forge the URL and make the browser believe it's downloading a static file like /images/5/foo.png while the actual path behind the scenes is /picture_generator.php?image_id=5&extension=.png. This can be accomplished by some web server modules like Apache's mod_rewrite.
You can try to set the file name using the HTTP headers but not all browsers respect that.
The simplest trick is to extend the URL so that the last part contains the desired file name:
<img src="picture_generator.php/desiredfilename.jpg?image_id=5&extension=.png&name=desiredfilename.jpg">
Note I also added the file name at the end of the query string (the name doesn't really matter) as some browsers use that part.
Depending on your server configuration this will immediately work without any special configuration (no mod_rewrite or anything like that). You can check if it works on your server by simply appending "/foo" to any PHP-URL on your site. If you see the output of your PHP, all is good. If you see a 404 error then your server configuration can't deal with such URLs.
In your picture_generator.php file you need to add a header with the name. such as
header("Content-Disposition: attachment; filename=\"myfile.png\"");
I have a script which uploads files into an online directory and stores the file details in a database. The files when stored are renamed to the id of the entry in the database. Whenever a user requests a download, a simple SQL statement retrieves the file details from the database, the contents of the file are read from the database, and the file is prompted for download. The following is my code:
$one_file = $FILE_OBJECT->get($_GET['id']); // this is an object which just grabs the file details from the database
header("Content-type: ".$one_file['type']); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$one_file["filename"]."\""); // use 'attachment' to force a download
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$one_file["filename"]."\"");
readfile(_config('files_path').$_GET['id']);// reading the actual raw file stored in my online directory
Problem is that Im testing using a word document and its uploading perfectly - I've even checked the raw file being uploaded by manually changing its extension and it's uploading perfectly. The problem is that when it's downloaded using the code above, the Word file seems corrupted or something, because when I try to open it, it's all mumbled and jumbled. What's happening? I've used this snippet on a few other sites I've worked on, and they work perfectly fine... Help please!
By default PHP's header function will replace previous headers with the same name, so your first two headers are being overwritten by the second two. Delete the second two and see if that works.
See if this helps:
Webkit and Excel file(PHPexcel)
I was having the same problem: every time I downloaded a file, it was supposedly "corrupt". Turns out I had made a stupid directory path mistake, but the php error was being written into the downloaded file. Which, of course, made it "corrupt".
Actually I solved by reading Ian Wetherbee's comment about testing with a plain text file. Thanks Ian!