I need some code to download a pdf file.
what i mean is normaly when we give
like this href="./downloads/Intake Sheet rev 4-1-10.pdf"
that will open the pdf in the same window, i dont want this , i need that to be downloaded , means need the download window to appear.
i'm using php to develop my website.
Please give me some idea.
Thanks
This behaviour is usually controlled by user itself, but you can build a 'PHP gateway' to force the downloading of the PDF:
Download
And in download.php:
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');
readfile($_GET['file']);
That should do it but note that this example contains an HUGE security flaw – you MUST check and sanitize the file parameter somehow to prevent users from downloading every file from your server but this should give you the general idea on how to accomplish forced downloads.
Related
I'm using the following to force download of MP3 files:
http://www.aaronfagan.ca/blog/2014/how-to-use-php-to-force-a-file-download/
Basically using PHP lines to force a download
<?php
if ($_GET['id']) {
$file = $_GET['id'];
header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header("Content-Length: ".filesize($file));
readfile($file);
}
else {
header('Location: http://www.mywebsite.com/error/');
}
?>
Am I correct to understand that anyone that knows how it works could basically download any files on any website with this?
For example, if I place that file in the root of mywebsite.com, anyone with knowledge could use a link like the following to download any file anywhere?:
http://www.mywebsite.com/download.php?id=http://www.anywebsite/files/file.pdf
Or would it only work on my website?
The files I want users to be able to download are MP3 files, would there be a way to "restrict" the type of files the "download.php" would process? so this way the "Content-Type" be set to something for only MP3 files, this way the "hack" would be restricted?
For example if I place that file in the root of mywebsite.com, anyone
with knowledge could use a link like the following to download any
file anywhere?:
http://www.mywebsite.com/download.php?id=http://www.anywebsite/files/file.pdf
If permissions open for http://www.anywebsite/files/file.pdf (it means you can open/download file.pdf with browser) you can download it remotly with your script (but as I now basename uses for local paths),
but usually permissions denied for direct download (you can close permissions too).
Also if you want you can add captcha to your download method to disable grab
Thanks.
Your code works only on your website.
For serving resources from other servers you can use this script Resource-Proxy.
Good Luck
I am using the FTP class in CodeIgniter, they have a function for downloading the file from the FTP, however, its only to the server itself. I am trying to get it to download straight to the user.
I know that i could just save it to the server and then force download and then delete. But its a bit of a hassle if the file is large and it would be slow.
So i am wondering from this code, if there is anyway just to use the force_download CI function?
Example;
$this->ftp->download('/public_html/myfile.html', '/local/path/to/myfile.html', 'ascii');
Thanks!
You simply download the file to PHP's standard output stream instead of a file [stream] like so:
<?php
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="test.txt"');
$this->ftp->download('/public_html/test.txt', 'php://output', 'ascii');
(Note: headers are used to force the download, otherwise the browser would simply print the contents)
You're welcome!
Here is the problem details:
1) I want to create dynamic (ip based) download link. So user can't download the file with different IP with the same download link.
2) Before start the actual download, i want to log this download request using php and perform some checks (verify the http referrer) to allow the user to download the actual file.
3) I also want the download file to be resumable and could be downloaded with download manager (with multiple download instances). Also want to limit the maximum number of allowed instances for each download.
4) The file size could be more than 200 MBs.
So, the solution which i am thinking is to create the download link with the md5 hash of user's ip. E.g.
http://yourdomain.com/download.php?ip_hash=hash-of-the-ip&file=file-to-download
This is just a example but we can also create a nice link of this using htaccess.
What should i do next? I tried to do it using
header("Content-Type: $ctype");
header("Content-Length: " . filesize($file));
header("Content-Disposition: attachment; filename=\"$fileName\"");
readfile($file);
But using this the download does not remain resumable for the end user.
Is this fine to send large files using this method?
After doing some research, I came to know that the .exe files become corrupted for the end user using this way.
After doing some more research, i have found the answer of my question. I just thought i should share it with you guys as well.
As rambo commented, we can use mod_xsendfile module of the apache server. We need to enable it if its disabled.
Here is the link to download the module files if your apache does not have this module. Its available for mostly all the versions of apache and available for both x32 and x64.
https://github.com/nmaier/mod_xsendfile
You can use the following code to send the file using this apache module after doing all your custom validations.
<?php
//We want to force a download box with the filename hello.txt
header('Content-Disposition: attachment;filename=hello.txt');
//File is located at data/hello.txt
header('X-Sendfile: data/hello.txt');
?>
I hope it will help you guys :)
I created in php starting with file_get_content to load a HTML page, parse to DOM and using xpath to find all image tags by class name. Essentially in the end I can resize and save all images locally(because I try on localhost).
The thing is once I hosted my php, all images will be saved on the server. The other solution might be to ask the user to install (e.g xampp) to run it locally (but not a preferable solution).
Could I do the same method with javascript/jquery to save all images found in a page? All I know is javascript can save but has to pop-up dialog save as and that also require to be done one by one for each image.
Thanks in advance for any answer.
You can't send multiple individual files. Best bet is to use the zip extension to compress multiple files together and offer that for download.
Zip Extension
You don't need to use JavaScript, you can use PHP to force the image download:
$file = 'path/to/image.png';
header('Content-Description: File Transfer');
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename= ".$file."");
readfile($file);
I'm developing a web service. With this service, user's will upload their .php files, and service will remove UTF8 BOM characters from php file. And then, There will be a link like this :
Download Your File
But when i click this link, browser browsing to this file. I don't want browse it, i want to download it. So , when user click this link, downloading will start.
Any ideas ?
(P.S. I don't want modify uploadedfile.php file, also i read 5 questions about this, but still i have problem.)
You need to supply this HTTP header:
Content-Disposition: attachment; filename=example.txt
You can usually specify this for entire directories at a time by configuring your web server appropriately. If you mention which web server you are using, somebody may be able to suggest how to do this.
The problem is that you're allowing people to upload PHP files on your server, then giving them a link to execute that PHP file. The web server is automatically treating those uploaded PHP files like any other PHP file, i.e. executing it, which opens you up to a massive security hole.
Whatever purpose your web service has, I'd suggest renaming the file on your server when it is uploaded (something 'random' is best, without an extension), then having a PHP script feed it back out with the appropriate headers set when it is requested.
The URL for such a script would look like:
http://www.example.com/get_uploaded_file.php?id=jgh3h8gjdj2389
It would link the value in id with the file on the server, and if you've saved the original filename somewhere (flat file, DB), you can serve it out using its original name, so long as you set the right HTTP headers.
Linking directly to the PHP file may end up executing it. One way is (like somebody above suggested) to rename it. Or, you can have a downloader.php which does below:
<?php
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 01 Jan 2000 01:00:00 GMT'); // some date in past
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename='.basename($filepath));
header('Content-Length: ' . filesize($filepath));
flush(); // or any other flush function/mechanism you use.
readfile($filepath);
and link it something like:
Download
This method will let you retain the .php extension. Also, if the PHP file is big and connection is slow, they progress-bar would be accurate (because you've flushed the content length upfront.