i temporarily change place for static files on site. But this files must have access from old URL, i've create a script that make's redirect to the right place, but this files are downloading by third-part program.
The problem is that program ignoring redirect. I tryed to use permanent redirecting but no success.
Okay, so a redirect doesn't work.
What you can do is read the file in PHP and output it directly. You can use the function readfile() to do that.
readfile($filename);
Related
Is it possible using the header() function or perhaps another php function to pass a file to the browser locally?
I am currently using Chrome. I have the Office Editing for Docs extension installed which essentially allows me to open Word docx files locally into my Chrome browser by passing the full directory and file name into the URL address bar of Chrome. This essentially opens the Word file in Chrome. I would like to accomplish this task in php
I have tried the following below but no luck.
header( 'Location: file://c:\users\jbloggs\desktop\test.docx' );
I know the header() function is primarily used for redirecting to a web page
header( 'Location: http://www.google.com' );
Any help much appreciated.
It doesn't work this way, because you are trying to redirect from a remote server to a local file path. Chrome doesn't accept this because of security considerations. Note that it doesn't matter whether your web server is running on the same physical machine, it is seen as a separate server from your local file system. You can however accomplish this task using normal HTML:
Document
If you save this to a static HTML file and open it in your browser you should upon click be redirected to the document. If you want a direct redirect, use JavaScripts window.location You cannot however serve the file from a HTTP Server, like mentioned above.
If you want to do so, you have to serve the .docx file from your server as well, by including it as static content and then linking to it via HTTP as well.
Hope this helps!
I have a video file and I have commanded the server through htaccess to redirect when requesting the file url. However, I wonder if someone remote can use php functions such as file_get_contents to access the video file since I have only one server and I am not sure whether remote servers can access to it. In my own server I can access to it. Yet I don't want others to access the video file unless authenticated by php.
If you really do not want people to get that video why have it in public web folder? Just put it somewhere else and problem solved. What is the use case of this?
That said, if your redirect is working correctly, the file will not be served. file_get_contents() is still requesting the file from your webserver so it can't just magically ignore the redirect.
If you want to be able to download that file but prevent everyone else from doing it, put the file out of your www root and have a php script to retreive it. You can set up basic http authentication to prevent anyone accessing the php script.
header("Content-Type: application/octet-stream");
header("Content-Transfer-Encoding: Binary")
header("Content-disposition: attachment; filename=\"myvideo.avi\"");
echo file_get_contents("/directory/out/of/www/that/is/readable/by/www-data");
I have this in my code:
Sample PDF
So basically it will appear to be a download link to file 'sample.pdf' but the problem is, there's a restriction in downloading this file. so whenever there are confidential reports uploaded and a malicious user accidentally memorized or viewed the URL of the download link in the browser history he can easily download it even without accessing the website because it is a direct link. What am i supposed to do so this link will be protected? or be downloaded only for the user assigned to it?
Don't serve up files by their direct URLs. Have a PHP script receive the filename of the file wanted, and serve it up.
So, if someone wants to download the above files, he would go to
example.com/getfile?file=sample.pdf
Your PHP script would check if the current user has permission to view the file, and then serve it up.
Make your links like this:
Sample PDF
Your current method is very insecure for sensitive files. A malicious user could trivially write a script to download ALL files in res/pdf. All he needs to do is check every permutation of letters in the directory, and throw away all 404 errors.
You will not redirect the user since that would defeat the purpose. You will serve the file as a download with the appropriate Content-disposition header.
Here's an example: Fastest Way to Serve a File Using PHP
You can google and get many more examples.
Here's a great example that shows how to serve PDF files:
https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
You can restrict using htaccess
I have an iframe that loads a remote page (not hosted on the same domain). I would like to edit the contents of the page, but of course, this is not possible, since I don't have permissions.
So, I was wondering, if I have FTP access to the site, would there be a work around to the problem? With FTP, I could copy the files of the site over to my domain, and edit them via an iframe. But I was wondering if there is an alternate method.
Actually, yes. If you had FTP access to the site you could do it in theory.
Basically, something like:
// I used jQuery to speed up writing ajax code, really it could be anything else
jQuery.get('?refresh',function(){ // this function is called when the request finishes
// force the iframe to do a complete refresh (hence the random token)
jQuery('#iframe').attr('src','http://targetsite.com/somefile.php?r='+Math.random());
});
And:
// if the variable in question was set...
if(isset($_REQUEST['refresh'])){
// the following requires "allow_url_fopen" config to be on
// otherwise, you could use any other PHP FTP library
file_put_contents('ftp://username:password#targetsite.com/somefile.php','Hello');
}
Why use iFrames? If you need to load the content of a page hosted on another server, you could grab its content with cURL or some of the PHP file wrappers, e.g. the PHP readfile function. Viola!
If you used readfile(..) you can also make edits to the file content you've loaded before you display it. If you have permission, you could also use include() to read the file via HTTP if you are certain that a valid PHP file will be returned from your request.
I have a link to a download to a file that calls a php script before it starts downloading the file. Is it possible to somehow get the location of the file that is to be downloaded directly (maybe through some browser plugin)?
I need this because I want to use wget on another system to download the file directly. A problem might be authentication because I need to provide a username and password, but getting the file location URL is the first step I think.
Thanks,
Ivan
If the PHP script directly reads the file, no, you will never get the real location of that file.
If it redirects to it, yes, it's possible using the Firebug "net" tab or Live HTTP headers extension.