I have PHP issue, I'm trying to force a file download using php
if users click on my link www.site.com/download.php it redirects them to download.php with the following code inside the download.php file
header('Content-Type: application/csv');
header('Content-Disposition: attachment; filename=custom_report.csv');
header('Pragma: no-cache');
echo readfile('files/csv/custom_report.csv');
readfile and fopen however is disabled on the server for security purposes.
Is there any other way I can do this
How about file_get_contents()?
If readfile and fopen aren't available, I'd expect all the file I/O fns to be disabled too.
In which case your only option is to provide a hard link to the csv file (but your service provider probably hasn't added the CSV mime mappings)
C.
From what I understand your problem is not getting the file to download but rather finding an alternative to readfile/fopen?
Related
I am trying to make a file download by using PHP but the file downloaded is a clean mp3 file without tags/metadata and not the one that is on my server.
Here's a detailed explanation:
I have a mp3 file with saved ID3 tags and all information on my server.
I run this code to start the download:
header('Content-Type: application/mp3');
header('Content-Disposition: attachment; filename="file.mp3"');
header('Pragma: no-cache');
readfile("file.mp3");
This starts a file download, but the file that is downloaded loses all its meta data, including any info and album art. Is there a way around this?
For example opening the file url and right clicking -> Save As, downloads it and preserves all the information stored in the file.
How can I prevent the deletion of all the metadata? Thanks for your help
Just add these two lines:
ob_end_clean();
flush();
readfile("file.mp3");
I'm using the following to force download of MP3 files:
http://www.aaronfagan.ca/blog/2014/how-to-use-php-to-force-a-file-download/
Basically using PHP lines to force a download
<?php
if ($_GET['id']) {
$file = $_GET['id'];
header("Content-Description: File Transfer");
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header("Content-Length: ".filesize($file));
readfile($file);
}
else {
header('Location: http://www.mywebsite.com/error/');
}
?>
Am I correct to understand that anyone that knows how it works could basically download any files on any website with this?
For example, if I place that file in the root of mywebsite.com, anyone with knowledge could use a link like the following to download any file anywhere?:
http://www.mywebsite.com/download.php?id=http://www.anywebsite/files/file.pdf
Or would it only work on my website?
The files I want users to be able to download are MP3 files, would there be a way to "restrict" the type of files the "download.php" would process? so this way the "Content-Type" be set to something for only MP3 files, this way the "hack" would be restricted?
For example if I place that file in the root of mywebsite.com, anyone
with knowledge could use a link like the following to download any
file anywhere?:
http://www.mywebsite.com/download.php?id=http://www.anywebsite/files/file.pdf
If permissions open for http://www.anywebsite/files/file.pdf (it means you can open/download file.pdf with browser) you can download it remotly with your script (but as I now basename uses for local paths),
but usually permissions denied for direct download (you can close permissions too).
Also if you want you can add captcha to your download method to disable grab
Thanks.
Your code works only on your website.
For serving resources from other servers you can use this script Resource-Proxy.
Good Luck
I am using the FTP class in CodeIgniter, they have a function for downloading the file from the FTP, however, its only to the server itself. I am trying to get it to download straight to the user.
I know that i could just save it to the server and then force download and then delete. But its a bit of a hassle if the file is large and it would be slow.
So i am wondering from this code, if there is anyway just to use the force_download CI function?
Example;
$this->ftp->download('/public_html/myfile.html', '/local/path/to/myfile.html', 'ascii');
Thanks!
You simply download the file to PHP's standard output stream instead of a file [stream] like so:
<?php
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="test.txt"');
$this->ftp->download('/public_html/test.txt', 'php://output', 'ascii');
(Note: headers are used to force the download, otherwise the browser would simply print the contents)
You're welcome!
I have a htaccess password protected folder with several files in it. Users are not allowed to access all files, but are allowed to download their own.
Since i can't direct link the file and since copying / removing isn't a real solution, i thought i'd just open the file using file_get_contents and echo it back into the page using the right header. But.. i don't get it working.. Here is my code. The error i am getting is that when opening the file i get a "file is damaged" error from Acrobat.
<?php
$file = "cms/docs/5641-1.pdf";
header('Content-Description: File Transfer');
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename='.basename("exoticfilename.pdf"));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
if (file_exists($file))
{
echo file_get_contents($file);
}
?>
Also, in this example I am just using a PDF file, but there are several types of files. Therefore i should probably change the header depending on the file type. Is there a solution for that, or should i just use a very long if / else statement?
If there is another, better way, I am open for that.
UPDATE
The above works, but not with all files. Older PDF's (Acrobat 6) don't work, but Acrobat X files do. Same counts for the docx files. Some work, others don't. Very weird, since I am able to open all directly on my PC. I assume it has something to do with the application/pdf line (or application/vnd.openxmlformats-officedocument.wordprocessingml.document' for docx). All others, like images, work.
Since you are using htaccess/htpasswd to protect the directory from hot-linking leeches. You are inadvertanly blocking access to the files from an outside source such as a browser from the client side. Since the directory requires authentication to access the files within it, you need to script around it. In a sense authenticating through the script. I have seen it done before, and you can find one of many references on the subject here
http://koivi.com/php-http-auth/
but bottom line is htaccess and htpasswd over run your scripts even if on the same host machine, as they are in a lack of better description server level, ran before even php starts its process on a page load.
I have users uploading DOCX files which I make available for download. The issues we have been experiencing is the unknown mime types of DOCX files which causes IE to open these docs as Zip files.
It is running on a Windows/IIS server.
Because this is a shared host, I cannot change any server settings.
I was thinking that I could just write some code that would handle DOCX files, perhaps custom output:
if (extension=docx) {
header("Content-Disposition: attachment; etc)
header('Content-Type: application/application/vnd.openxmlformats-officedocument.wordprocessingml.document');
//Output the file contents etc
}
Would this be a viable solution?? If so, can someone help fill in the gaps?
(PS I know the above syntax is not correct, just a quick example)
This should do it:
header('Content-type: application/vnd.openxmlformats-officedocument.wordprocessingml.document');
header('Content-Disposition: attachment; filename="myfile.docx"');
readfile('myfile.docx');
Yes, that will work fine. The PHP docs have basically the exact code you want.