[PHP] Downloading files outside the webserver
Hello, I'm currently working on a multi-user filemanager, on which each user has its space on the server and can do all the basic file operations we've all seen. I've looked all over the net and the manual, but I can't seem to find the solution for what I want. The system I'm creating keeps all user files in a folder outside the webserver, this is to say, any folder the admin defines, such as /home/john/webusers . The site shows all files contained in the userdir and lets him manipulate them. Of course, I want to let the users download their files, but as they aren't inside the webserver's "scope", I just can't simply link to them. Is there any way I can implement this? To download a file located at X directory, anywhere in the system? And taking security into consideration, of course. Thanks in advance, Daniel Silva -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Downloading files outside the webserver
That is a very nice solution, the problem is, the files are stored on disk,
not on the DB. I suppose it can be addapted to work with the disk, can't it?
Cheers,
Daniel
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> create a download php file:
>
>
> $res=mysql_query("select * from user_files where
filename='$GET['file']'");
>
> if($res && mysql_num_rows($res)) {
> $file=mysql_fetch_assoc($res);
> if($_GET['downaload']) {
> header('Content-Type: application/octet-stream');
> header('Content-disposition: attachment;
> filename='.basename($file['filename']));
> } else {
> header('Content-Type: '.$file['mimetype']);
> header('Content-disposition: attachment;
> filename='.basename($file['filename']));
> }
> header('Content-Length: '.filesize($file['filename']));
> readfile($file['filename']);
> } else {
> echo 'no such file';
> }
> ?>
>
> Then create a link:
> view
> download
>
> This example assumes you have a table user_files, where you store
> uploaded files with their mime types, this is a security check
>
> Daniel Silva wrote:
>
> >Hello,
> >
> >I'm currently working on a multi-user filemanager, on which each user has
> >its space on the server and can do all the basic file operations we've
all
> >seen.
> >
> >I've looked all over the net and the manual, but I can't seem to find the
> >solution for what I want.
> >
> >The system I'm creating keeps all user files in a folder outside the
> >webserver, this is to say, any folder the admin defines, such as
> >/home/john/webusers .
> >
> >The site shows all files contained in the userdir and lets him manipulate
> >them. Of course, I want to let the users download their files, but as
they
> >aren't inside the webserver's "scope", I just can't simply link to them.
> >
> >Is there any way I can implement this? To download a file located at X
> >directory, anywhere in the system? And taking security into
consideration,
> >of course.
> >
> >Thanks in advance,
> >
> >Daniel Silva
> >
> >
> >
> >
> >
> >
> >
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Downloading files outside the webserver
There's actually a function in (PHP 4 >= 4.3.0) that returns a file's MIME
type.
Here it is:
string mime_content_type ( string filename)
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Yes, sure, but you many times won't know the mime type and might be
> forced to use application/octet-stream.
> You can do
> if(dirname(realpath($user_files_dir . $_GET['filename'])) ==
> $user_files_dir)
> as a security check
>
> Daniel Silva wrote:
>
> >That is a very nice solution, the problem is, the files are stored on
disk,
> >not on the DB. I suppose it can be addapted to work with the disk, can't
it?
> >
> >Cheers,
> >
> >Daniel
> >
> >
> >"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]
> >
> >
> >>create a download php file:
> >>
> >> >>
> >>$res=mysql_query("select * from user_files where
> >>
> >>
> >filename='$GET['file']'");
> >
> >
> >>if($res && mysql_num_rows($res)) {
> >>$file=mysql_fetch_assoc($res);
> >>if($_GET['downaload']) {
> >>header('Content-Type: application/octet-stream');
> >>header('Content-disposition: attachment;
> >>filename='.basename($file['filename']));
> >>} else {
> >>header('Content-Type: '.$file['mimetype']);
> >>header('Content-disposition: attachment;
> >>filename='.basename($file['filename']));
> >>}
> >>header('Content-Length: '.filesize($file['filename']));
> >>readfile($file['filename']);
> >>} else {
> >>echo 'no such file';
> >>}
> >>?>
> >>
> >>Then create a link:
> >>view
> >>download
> >>
> >>This example assumes you have a table user_files, where you store
> >>uploaded files with their mime types, this is a security check
> >>
> >>Daniel Silva wrote:
> >>
> >>
> >>
> >>>Hello,
> >>>
> >>>I'm currently working on a multi-user filemanager, on which each user
has
> >>>its space on the server and can do all the basic file operations we've
> >>>
> >>>
> >all
> >
> >
> >>>seen.
> >>>
> >>>I've looked all over the net and the manual, but I can't seem to find
the
> >>>solution for what I want.
> >>>
> >>>The system I'm creating keeps all user files in a folder outside the
> >>>webserver, this is to say, any folder the admin defines, such as
> >>>/home/john/webusers .
> >>>
> >>>The site shows all files contained in the userdir and lets him
manipulate
> >>>them. Of course, I want to let the users download their files, but as
> >>>
> >>>
> >they
> >
> >
> >>>aren't inside the webserver's "scope", I just can't simply link to
them.
> >>>
> >>>Is there any way I can implement this? To download a file located at X
> >>>directory, anywhere in the system? And taking security into
> >>>
> >>>
> >consideration,
> >
> >
> >>>of course.
> >>>
> >>>Thanks in advance,
> >>>
> >>>Daniel Silva
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >
> >
> >
> >
> >
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] max_execution_time and set_time_limit() problem.
I have a similar problem. I made a multiple file upload script and when the size is too big, PHP seems to ignore it, even though the files are well inside the max_upload_size... Are you sure that you aren't actually entering an infinite-loop or something? It seems odd... I can't think of nothing else right now. I know it's not much, but let us know... Cheers, Daniel Silva "Eric Wood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Even set_time_limit(0) does extend the timeout. Always a 30 second timeout. > Any other ideas? > > thanks, > -eric wood > > > I'm uploading a large file through my web page and after 30 seconds, the > > fails with an error. I bumbed the max_execution_time parameter in > > /etc/php.ini to 600 seconds and restarted apache. Still errors at 30 > > seconds. I added set_time_limit(600); to various place in my file upload > > handling script... still errors at 30 seconds. > > > > Is this just a good 'ol bug in my Redhat 7.3 version of PHP?: > > > > $ rpm -q php > > php-4.1.2-7.3.6 > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Downloading files outside the webserver
Hello.
I tried what you suggested and it's working alright. The problem is, that it
doesn't always work. I adapted your suggestion to what I needed. Instead of
creating a file, I made a fuction that does basically the same. All listed
files are links that enable the user to download them.
So far so good. I tested it on a couple files and it worked. But it seems to
fail sometimes, showing what appears to be the contents of the HTTP-Header
and the file itself. If it's an audio file or something alike, it shows all
sorts of weird characters, I assume them to be the actual binary contents of
those files. If it's a text file, it shows the file, intact, but on the
page.
Again, I haven't been able to establish a pattern of behaviour on this. My
thesis is that the readfile function may have something to do with this, as
it stores the contents of the file in the output buffer and maybe it's
showing them.
What troubles me is the fact that it doesn't have a certain behaviour,
instead, like I said, sometimes works, and sometimes it doesn't.
Daniel
"Daniel Silva" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> There's actually a function in (PHP 4 >= 4.3.0) that returns a file's MIME
> type.
>
> Here it is:
> string mime_content_type ( string filename)
>
>
> "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Yes, sure, but you many times won't know the mime type and might be
> > forced to use application/octet-stream.
> > You can do
> > if(dirname(realpath($user_files_dir . $_GET['filename'])) ==
> > $user_files_dir)
> > as a security check
> >
> > Daniel Silva wrote:
> >
> > >That is a very nice solution, the problem is, the files are stored on
> disk,
> > >not on the DB. I suppose it can be addapted to work with the disk,
can't
> it?
> > >
> > >Cheers,
> > >
> > >Daniel
> > >
> > >
> > >"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> > >news:[EMAIL PROTECTED]
> > >
> > >
> > >>create a download php file:
> > >>
> > >> > >>
> > >>$res=mysql_query("select * from user_files where
> > >>
> > >>
> > >filename='$GET['file']'");
> > >
> > >
> > >>if($res && mysql_num_rows($res)) {
> > >>$file=mysql_fetch_assoc($res);
> > >>if($_GET['downaload']) {
> > >>header('Content-Type: application/octet-stream');
> > >>header('Content-disposition: attachment;
> > >>filename='.basename($file['filename']));
> > >>} else {
> > >>header('Content-Type: '.$file['mimetype']);
> > >>header('Content-disposition: attachment;
> > >>filename='.basename($file['filename']));
> > >>}
> > >>header('Content-Length: '.filesize($file['filename']));
> > >>readfile($file['filename']);
> > >>} else {
> > >>echo 'no such file';
> > >>}
> > >>?>
> > >>
> > >>Then create a link:
> > >>view
> > >>download
> > >>
> > >>This example assumes you have a table user_files, where you store
> > >>uploaded files with their mime types, this is a security check
> > >>
> > >>Daniel Silva wrote:
> > >>
> > >>
> > >>
> > >>>Hello,
> > >>>
> > >>>I'm currently working on a multi-user filemanager, on which each user
> has
> > >>>its space on the server and can do all the basic file operations
we've
> > >>>
> > >>>
> > >all
> > >
> > >
> > >>>seen.
> > >>>
> > >>>I've looked all over the net and the manual, but I can't seem to find
> the
> > >>>solution for what I want.
> > >>>
> > >>>The system I'm creating keeps all user files in a folder outside the
> > >>>webserver, this is to say, any folder the admin defines, such as
> > >>>/home/john/webusers .
> > >>>
> > >>>The site shows all files contained in the userdir and lets him
> manipulate
> > >>>them. Of course, I want to let the users download their files, but as
> > >>>
> > >>>
> > >they
> > >
> > >
> > >>>aren't inside the webserver's "scope", I just can't simply link to
> them.
> > >>>
> > >>>Is there any way I can implement this? To download a file located at
X
> > >>>directory, anywhere in the system? And taking security into
> > >>>
> > >>>
> > >consideration,
> > >
> > >
> > >>>of course.
> > >>>
> > >>>Thanks in advance,
> > >>>
> > >>>Daniel Silva
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >
> > >
> > >
> > >
> > >
> >
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Downloading files outside the webserver
The problem was solved. I added a call to the exit() construct at the end of
the function and haven't had any more problems since.
I would like to thank everyone who helped me.
Cheers,
Daniel
"Daniel Silva" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello.
>
> I tried what you suggested and it's working alright. The problem is, that
it
> doesn't always work. I adapted your suggestion to what I needed. Instead
of
> creating a file, I made a fuction that does basically the same. All listed
> files are links that enable the user to download them.
>
> So far so good. I tested it on a couple files and it worked. But it seems
to
> fail sometimes, showing what appears to be the contents of the HTTP-Header
> and the file itself. If it's an audio file or something alike, it shows
all
> sorts of weird characters, I assume them to be the actual binary contents
of
> those files. If it's a text file, it shows the file, intact, but on the
> page.
>
> Again, I haven't been able to establish a pattern of behaviour on this. My
> thesis is that the readfile function may have something to do with this,
as
> it stores the contents of the file in the output buffer and maybe it's
> showing them.
>
> What troubles me is the fact that it doesn't have a certain behaviour,
> instead, like I said, sometimes works, and sometimes it doesn't.
>
> Daniel
>
>
>
> "Daniel Silva" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > There's actually a function in (PHP 4 >= 4.3.0) that returns a file's
MIME
> > type.
> >
> > Here it is:
> > string mime_content_type ( string filename)
> >
> >
> > "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > Yes, sure, but you many times won't know the mime type and might be
> > > forced to use application/octet-stream.
> > > You can do
> > > if(dirname(realpath($user_files_dir . $_GET['filename'])) ==
> > > $user_files_dir)
> > > as a security check
> > >
> > > Daniel Silva wrote:
> > >
> > > >That is a very nice solution, the problem is, the files are stored on
> > disk,
> > > >not on the DB. I suppose it can be addapted to work with the disk,
> can't
> > it?
> > > >
> > > >Cheers,
> > > >
> > > >Daniel
> > > >
> > > >
> > > >"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> > > >news:[EMAIL PROTECTED]
> > > >
> > > >
> > > >>create a download php file:
> > > >>
> > > >> > > >>
> > > >>$res=mysql_query("select * from user_files where
> > > >>
> > > >>
> > > >filename='$GET['file']'");
> > > >
> > > >
> > > >>if($res && mysql_num_rows($res)) {
> > > >>$file=mysql_fetch_assoc($res);
> > > >>if($_GET['downaload']) {
> > > >>header('Content-Type: application/octet-stream');
> > > >>header('Content-disposition: attachment;
> > > >>filename='.basename($file['filename']));
> > > >>} else {
> > > >>header('Content-Type: '.$file['mimetype']);
> > > >>header('Content-disposition: attachment;
> > > >>filename='.basename($file['filename']));
> > > >>}
> > > >>header('Content-Length: '.filesize($file['filename']));
> > > >>readfile($file['filename']);
> > > >>} else {
> > > >>echo 'no such file';
> > > >>}
> > > >>?>
> > > >>
> > > >>Then create a link:
> > > >>view
> > > >>download
> > > >>
> > > >>This example assumes you have a table user_files, where you store
> > > >>uploaded files with their mime types, this is a security check
> > > >>
> > > >>Daniel Silva wrote:
> > > >>
> > > >>
> > > >>
> > > >>>Hello,
> > > >>>
> > > >>>I'm currently working on a multi-user filemanager, on which each
user
> > has
> > > >>>its space on the server and can do all the basic file operations
> we've
> > > >>>
> > > >>>
> > > >all
> > > >
> > > >
> > > >>>seen.
> > > >>>
> > > >>>I've looked all over the net and the manual, but I can't seem to
find
> > the
> > > >>>solution for what I want.
> > > >>>
> > > >>>The system I'm creating keeps all user files in a folder outside
the
> > > >>>webserver, this is to say, any folder the admin defines, such as
> > > >>>/home/john/webusers .
> > > >>>
> > > >>>The site shows all files contained in the userdir and lets him
> > manipulate
> > > >>>them. Of course, I want to let the users download their files, but
as
> > > >>>
> > > >>>
> > > >they
> > > >
> > > >
> > > >>>aren't inside the webserver's "scope", I just can't simply link to
> > them.
> > > >>>
> > > >>>Is there any way I can implement this? To download a file located
at
> X
> > > >>>directory, anywhere in the system? And taking security into
> > > >>>
> > > >>>
> > > >consideration,
> > > >
> > > >
> > > >>>of course.
> > > >>>
> > > >>>Thanks in advance,
> > > >>>
> > > >>>Daniel Silva
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >>>
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
> >
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] This weird behavior is killing
Php.Net wrote: The way PHP handles includes is very weird, for example: - create a folder, name it f ex "includes" - create 2 sub-folders, call them level1 and level2 - now lets create a file, "includes.php" includes.php -- -- - now create 3 dummy files, name them dummy.php and distribute them through each folder, in each dummy.php include "includes.php" - now in the dummy.php on the last level, include the dummy.php from the level below - now try to run dummy.php from the last level ( the one with 2 includes ), what do you get ? a nice message error stating Warning: main() [function.include]: Failed opening '' for inclusion (include_path='.;C:\php5\pear') in D:\shared\www\includes\level1\dummy.php on line 2 it's like php processes the first include relative path, goes down the file system tree, stays there and then caches the path, because it doesn't reset to the including script path, it just stays there ... this is very fustrating when you must/want to include one or more files in every script, and you have several folders and sub-levels. there are several workarounds, like out them in a common folder, and add it to the include_path either directly in php.ini or using ini_set(), but that would be a real pain in the arse ... solutions ? regards, idss Before anyone asks me, yes, the behaviour is the same even with the use of include_once ou require_once =) regards, idss -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
