I have this code and for some reason after this forces downloading file code, the next php code does not run..
$file = "2.jpg";
header("Content-Type:application/force-download");
header("content-disposition:attachment; filename=".$file);
readfile("$file");
echo "hello"
the echo "hello" command for example does not work
Because of the way the HTTP protocol works, the contents of the header - in the reply from the server - are used to determine how to handle the contents of the reply body.
And you are adding headers that tell the browser(or whatever is receiving the reply) to treat the contents as JPG data. All of the contents. So that's what happens. You don't send both the data and some HTML/text to show. Either a page or JPG contents are sent.
If you look at the contents of your downloaded image file it should have "hello" at the end of it.
Update:
If you want to you could use the meta tag to first display a message and then redirect to your download URL. The 2 in the example is the number of seconds to wait before the redirect should happen.
<!doctype html>
<html lang="en">
<head>
<meta http-equiv="refresh" content="2;URL='http://example.com/readfile.php'" />
<title>You will soon be downloading</title>
</head>
<body>
Hello
</body>
</html>
This is the cleanest way. If you don't want to display the message until after the file has finished downloading you can do that as well, but then you'd have to resort to Javascript(AFAIK). And that's a little bit trickier.
I am looking for a simple and effective way to create a pure html file based off a php file. For instance, in template.php below the php would be inserting various portions of the page. I want to save the page then as html removing all php code and leaving what was inserted by it... hopefully that makes sense... the output of template.php would be a better way to say it I guess.
First, I do not know if something like this is possible. Second, is this the best way to go about something like this?
Before anyone starts screaming about security there will be ZERO user submitted / form submitted variables in this page. My goal is to create a report from database values with the template which the user can then view/print/save off the server as pure html. There will be no images only inline css.
EDIT :
This html only output of template.php needs to be saved on the server as its own file. The reason for the php 'template' is because I will be creating the vast majority of the page with php... but I only want to save its resulting output.
template.php :
<!DOCTYPE html>
<html lang="en">
<!-- BEGIN HEAD -->
<head>
<meta charset="utf-8" />
<title><?php echo $title; ?></title>
<meta content="<?php echo $desc; ?>" name="description" />
</head>
<!-- END HEAD -->
<!-- BEGIN BODY -->
<body>
... further html with php mixed in
</body>
<!-- END BODY -->
</html>
Current solution :
I did some further research and this is acting exactly how I want it to. Comments/suggestions welcome for it.
<?php
ob_start();
require_once('/home/test/public_html/template.php');
if ( ob_get_length() > 0 )
{
$ssReport = ob_get_contents();
file_put_contents('/home/test/public_html/test.html', $ssReport);
}
ob_end_clean();
?>
You can use REGEX (Regular Expressions) to strip out all php-code.
The Expression <\?php.*?\?> can do that for you...
PHP-Example:
$tempateFile = file_get_contents('template.php');
$htmlPlain = preg_replace('/<\?php.*?\?>/si', '', $tempateFile);
If you allow "Shorthand Open Syntax" for php-files <? instead of <?php you should use the pattern <\?(?:php)?.*?\?> which will become preg_replace('/<\?(?:php)?.*?\?>/si', '', $tempateFile);
If you want to take a html-snapshot of your site(s) try this options:
use wget to grab a copy of your website (see wget manual or wget tutorial)
use curl with a script to grab a copy of your website (see curl manual or
curl tutorial
make a php-script which uses file_get_contents($url) to grab outputs of you specific public-available URL and store it with file_put_contents(...) to a html-file.
I'm working on a website, which I have temporarily hosted here.
You'll notice the mystery letter 'a' I'm getting at the start of every page. I've gone through all the php files (controllers, views, models) and cannot locate where this letter is coming from. Another curiosity is that all the head content is not residing in the head tags when inspected with Firebug. It appears in the body tags, however it still functions correctly. Are these two issues related?
The only thing I have found from searching the internet is that perhaps some files have been saved as ANSI instead of UTF-8. I've tried 'saving as' all my php files as UTF-8 using my editor, but it is a very slow process. Any help debugging this situation would be appreciated.
EDIT- thanks for your response, #erman-belegu. It doesn't seem to be in any controller. For instance, I've set up a 404 redirect, with its own controller and view. The view looks like this:
<!DOCTYPE html>
<html>
<head>
<meta name="description" content="No Page">
</head>
<body>
<h1>No page dude.</h1>
</body>
</html>
But when inspected with firebug, it looks like this:
<html>
<head></head>
<body>
a
<meta content="No Page" name="description">
<h1>No page dude.</h1>
</body>
</html>
I have encoded everything using UTFCast, and am still experiencing the same issue. Any help welcomed.
You see the head inside the body tag because the mysterious "a" is the first character of your output. It's put inside the body tag by the rendering engine of your browser, or by firebug.
If you find the cause of your "a" - almost certainly some content outside PHP tags - the head will return to normal in firebug.
Searching for the "a" is tricky.. I'm not sure how large your codebase is, but I'd say start by exiting the process right before output is sent. You should see only the "a". Then move the exit step by step untill your "a" disappears, and you'll find it.
Check your controllers at start or maybe any print somewhere. Check all your code on these pages because you print these "a ".
Also use UTF-8 without BOM. But, I think that you print it accidentally and dont think that this happens for any other reasons.
I am new to php and wonder what am I missing about the rules for interleaving html and php code.
This is now the second time I run into a situation where a php file only works if my php tag is at the beginning of the file. This is not the case for all my files. I wonder why that might be.
Here is an example:
My file structured as follows works just fine:
<?php
... my php code
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Authentication</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="container">
</div>
</body>
</html>
But when I move that html block at the top (which is what I want ultimately since I use some echo statements in my php code), and leave only the following at the bottom:
</div>
</body>
</html>
then some portion of the php code do not work. For example, my setcookie function no longer sets a cookie (though it does not error out) while I can still run sql queries or echo statements just fine. I ran into a similar issue with a complete different code taken straight out of a tutorial site: the example would only work if the code started with
Some operations (like writing a cookie) must be performed by PHP before any output is sent to the browser, because those operations involve setting response headers (which are always sent before any other content). That seems to be the problem here.
Per the documentation:
setcookie() defines a cookie to be sent along with the rest of the
HTTP headers. Like other headers, cookies must be sent before any
output from your script (this is a protocol restriction). This
requires that you place calls to this function prior to any output,
including <html> and <head> tags as well as any whitespace.
Give those links a look, they will explain something, and never forget to ask here on stackOverflow
http://www.w3schools.com/php/php_cookies.asp
http://php.net/manual/en/features.cookies.php
http://www.w3schools.com/php/php_sessions.asp
http://it.php.net/manual/en/session.examples.basic.php
Answering your question, you can place the tag practically anywhere in the html code, as long as it's structured correctly.
However, there are some functions in php requires that no output is made before it is executed, like setcookie, setsession, header .. etc.
The output here is either;
a. an echo statement in php code.
b. an html code before the tag that the function is in.
and as for that some code in php doesn't work.
Usually, if you have any problem in your code, that php code doesn't work. So, it's better to check if it syntax correct or not before that.
I want to send some response codes in response (what else?) to various conditions.
The header is being sent - I tripped over the various errors you can make using header(), such as having output before the call before. I figured out those sort of issues, for instance, I now use ob_start() and ob_clean() before the header() function call.
Now I need to understand why my browser/server/whatever is not showing me an error page.
Here's the HTML page which I'm using for testing:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Header Testing</title>
</head>
<body>
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
ob_start();
ob_clean();
header("HTTP/1.1 403 - Forbidden", true, 403); // I get the same results with or without "true, 403"
ob_flush();
?>
Here's the header from the access log:
127.0.0.1 - - [11/Feb/2012:19:14:35 -0600] "POST /commentprocessing.php HTTP/1.1" 403 266 "http://127.0.0.1/submitcomments.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24 ( .NET CLR 3.5.30729; .NET4.0C)"
Here is the HTML source:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Header Testing</title>
</head>
<body>
</body></html>
That is exactly what I'd get if I removed out the PHP code from the test page.
Is there any way to have an "error" page display automatically based on the return code in the header?
I am running Abyss server locally for this sort of testing. I have a custom error page defined in Abyss for 403 errors and I've checked that it is spelled correctly in the Abyss setup and the page actually exists.
That page is not being displayed for the header with the 403 response code - which seems to be sent properly since it shows in the access log.
Could this be an issue with my using Abyss locally and not the server of my hosting company?
Any suggestions?
EDIT***
tftd,
If what you said is true, that the server is ignoring my code, why is it logged in the access log with the code I specified?
And, if what you said about being unable to change the response code, why even have the header() statement OR why does not the documentation clearly point out that such as things as using ob_start() and ob_clean() won't resolve get around it.
I've see, in more than one place, references to using ob_start() and ob_clean() to delete generated output so that the header() call will work.
heera,
Thank you, at least for showing me that material can be placed above the doctype statement and still be effective. I would not have thought that would work. So, thank you for that.
However, your example merely outputs exactly what would be output if you stripped out all of the PHP and had just the HTML.
I have removed your onload call to eliminate the 'function not defined' error which would have occurred since you did not include a script containing the referenced function.
The following will produce the same output as your example:
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
Here's your example, which produces the same output as the straight HTML above.
<?php ob_start();?>
<!DOCTYPE html>
<html> <head></head>>
<body>
This is some text
</body>></html>
<?php
$ob=ob_get_clean();
echo $ob;
ob_end_flush(); ?>
You take a convoluted journey to the same output.
Also, why get the contents of the buffer and turn around and echo it out? What does that demonstrate other than a call to ob_get_clean() returns the contents of the buffer, erases it, and, unlike ob_clean(), deletes the buffer and if you want to send the output you just erased, you have to use ob_get_clean() and save it and then use echo to write it out.
Doesn't that just demonstrate that you had better do something to save the contents of the buffer, if you want to output, before calling a clean function?
And, ob_end_flush() is documented, everywhere I've encountered it, as being automatically called went the script/page finishes. Why demonstrate something that happens automatically, unless you were showing that with our with out a flush call, of one type or another, results in the same output, provided additional out is not created after the flush call.
Seems like your ob_end_clean() call doesn't demonstrate anything at all, hmmm, or does it?
So, why generate output, get it from the buffer, erase and delete the buffer, and then output the contents you saved? What exactly, does that demonstrate? How to do something simple in a convoluted, strange way?
Now, if you wanted to demonstrate the difference the placement of the ob_start() makes on the output and that ob_clean() deletes previous output, why not start with an example like this:
<?php ob_start();?>
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
<?php
ob_clean(); // erase output buffer
echo "It was the best of times, it was the worst of times."
?>
The only output from that would be
It was the best of times, it was the worst of times.
If you comment out the ob_clean() call:
<?php ob_start();?>
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
<?php
//ob_clean(); // erase output buffer
echo "It was the best of times, it was the worst of times."
?>
The output is now:
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
This is some textIt was the best of times, it was the worst of times.
If you take my original example and move the ob_start() down into the second piece PHP code, like this:
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
<?php
ob_start();
ob_clean(); // erase output buffer
echo "It was the best of times, it was the worst of times."
?>
The output is:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
This is some text
</body>
</html>
This is some text It was the best of times, it was the worst of times.
Those are the examples I would provide to show the effect of the placement of the ob_start() and ob_clean() calls.
Again your example does exactly what the HTML would do were the PHP not there.
If you were saying that you must use ob_start, ob_get_clean(), echo, and ob_end_flush() to produce output - well, I would expect that from a programmer who only knew about ob_get_clean() and ob_end_flush().
I'd expect that from a programmer who, for some reason, thought he or she had to take charge to get the output to the user; that they had to take the buffer contents and use echo to send it to the user.
I simply don't understand why your wrote that example as you did or what, besides placement of the ob_start(), you were trying to demonstrate.
As for the "real world" - in the real world programmers are expected to understand the language features they use and any alternatives to them. They are expected to understand concepts - such as PHP automatically sending any generated output without the programmer having to call a function to get it to the user.
You called my use of buffering wrong. Well, it was, as regards the placement of the ob_sat() call, but everything else is just fine.
If you had posted your example in a question of some sort, my reply would have been -
There is absolutely no need to use an PHP to achieve what you are tyring to do. Take out the PHP and use the straight HTML - the output will be the same.
I'm sorry, but that example, except for the ob_start placement, demonstrates nothing but a strange and convo9luted way to get a HTML to a user.
Perhaps you just didn't take the time to consider the best example to use, after, first deciding what the example was to demonstrate.
If we ignore that fact that the example does nothing that the straight HTML does and it goes about outputting the buffer in a convoluted way, all your example did was set me straight on one thing - you can put something before the doctype and it will be "processed. And I thank you for pointing that out to me.
mc_kennedy,
I read the page you pointed me at but I don't think that applies since the first line of output does no start with HTTP/, as the page specifies.
I'm basing that on what I see in the source view window in my browser. The first line is either the doctype or a
To everyone in general --
It seems that what is being said, by some people, is that you have to have the header() call at the very top of the file and that will allow you to send response codes correctly.
Well, I tried that, with the PHP at the very top and followed by standard HTML, and I don't see any difference.
Am I wrong is thinking that a server will react differently to, say, a 200 than to a 403?
Do I have this all wrong and what I'm expecting - to have the server react, somehow, to the 403 or 500 error - is simply something that does not exist?
If the approach I was using would cause the header() call to be ignored, why does the log show the code I was sending?
I now understand that I should generate the error pages myself, I suspected (well, more than suspected, more like figured that was required.)
But am I expecting a server to react to different responses codes in different ways and this simply does not happen?
Bob
The header() function only alters the existing headers which are sent by your web server.
In your case you can't alter the status. By opening http://localhost/index.php you're sending a request to Abyss, which searches for index.php. If it finds the file - it opens/executes it. And because your file actually exists Abyss/Apache/Nginx will act if you're sending Status: 200.
Even if you send header('Status: 403'); the server will not honor it.
I'm not sure if there's an option to override the server's response the way you want it but with apache,nginx you can't do this.
Edit:
As #Alex Lunix said - you can redirect the user to the error page via
header("Location: path/to/your/error/page");
You might want to check how your Abyss server is treating your PHP script. As the log entry is indicating you are sending a 403 response, the server is probably treating the script as an NPH script and thus sending the output, headers included, directly to the browser with no other actions (such as checking if it should go to the configured 403 page). See http://www.aprelium.com/data/doc/2/abyssws-win-doc-html/cgiinternals.html for more details.
Addition to other answers your use of object buffering is wrong, here's a simple example of that
<?php ob_start();?>
<!DOCTYPE html>
<html>
<head></head>
<body onload="initialize()">
This is some text
</body>
</html>
<?php
$ob=ob_get_clean();
echo $ob;
ob_end_flush();
?>
In real world you have to use it differently, it's just an example.
Sending the response code in PHP is not supposed to also forward them to the error page.
Use header("Location: /error/page/url"); to forward them to the page, and if your error pages already send the response code you don't need to send it before forwarding them.
And the problem with the headers already sent thing is due to have already sent content, headers need to be sent before all other content. So placing it above the html would fix that.
<?php
if(Condition for 403){
header("HTTP/1.1 403 - Forbidden", true, 403);//Tell the user that this page is forbidden (not necessary if /error/file/ sends response)
header("Location: /error/file/"); //Forward user to your error page
exit; //Used to prevent php from executing further in the script
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Header Testing</title>
</head>
<body>
EDIT:
The reason you place it at the top is so that they send before any output (which is what output buffering would do, but that adds unnecessary code). Sending the response code tells the user the nature of the page, if you were writing a 404 error page, then you would send a 404 response. If on this page you want to 403, you need to forward them to your 403 page using the Location header.