
So I have a file uploader that allows people to upload files to the server and then download them via a URL.

 

I want to store uploaded files outside of the Root. (One level up from the root in a folder called Uploads)

 

Code snippet

 

$server = "http://www.mysite.com";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$destination = '../uploads/'. $random;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

 

This...

 

$destination = '../uploads/' . $random ;

 

Didn't work, any tips?

How do you mean? I've tried to make some progress (below):

 

BEFORE

 

<?php
ob_start();

session_start();

$extensions = array("jpg", "png","jpeg", "gif", "zip", "rar", "swf", "tiff", "bmp", "txt", "fla", "7z", "tar", "gz", "iso", 

"dmg", "mp3", "wav", "m4a", "aac", "doc", "docx", "xls", "rtf", "ppt", "bsd", "exe", "psd", "c4d", "pdf", "dwg", "max", "ipa", 

"vtf", "iam", "ipt", "flv", "cap", "scr");
$maxsize = 104288000;
$server = "http://www.andredomain.com";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
   echo "Go back and select a file.";
   exit();
}

foreach ($_FILES as $file)
{
if ($file['tmp_name'] != null) 
{
$thisext1=explode(".", strtolower($file['name']));
$thisext=$thisext1[count($thisext1)-1];
  if (!in_array($thisext, $extensions))
  {
    echo "That file type is not allowed.";
   exit(); 
  }
}
}

if ($size > $maxsize)
{
   echo "File size too big.";
   exit();
}

$destination = 'Uploads/' . $random ;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

$contents = file_get_contents("http://is.gd/create.php?format=simple&url=$final");


?>

 

AFTER

 

<?php
ob_start();

session_start();

$extensions = array("jpg", "png","jpeg", "gif", "zip", "rar", "swf", "tiff", "bmp", "txt", "fla", "7z", "tar", "gz", "iso", 

"dmg", "mp3", "wav", "m4a", "aac", "doc", "docx", "xls", "rtf", "ppt", "bsd", "exe", "psd", "c4d", "pdf", "dwg", "max", "ipa", 

"vtf", "iam", "ipt", "flv", "cap", "scr");
$maxsize = 104288000;
$server = "/var/www/vhosts/andredomain.com/Uploads";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
   echo "Go back and select a file.";
   exit();
}

foreach ($_FILES as $file)
{
if ($file['tmp_name'] != null) 
{
$thisext1=explode(".", strtolower($file['name']));
$thisext=$thisext1[count($thisext1)-1];
  if (!in_array($thisext, $extensions))
  {
    echo "That file type is not allowed.";
   exit(); 
  }
}
}

if ($size > $maxsize)
{
   echo "File size too big.";
   exit();
}

$destination = '../uploads/' . $random ;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

$contents = file_get_contents("http://is.gd/create.php?format=simple&url=$final");

$filesource = '/var/www/vhosts/andredomain.com/Uploads';

$myfile = file_get_contents('$filesource."/".$destination."/".$name');


?>

<?php ob_start(); ?>

<!DOCTYPE html>
<html>
<head>
<title>File Uploaded!</title>
<link rel="stylesheet" href="style.css" type="text/css">
<link REL="SHORTCUT ICON" HREF="images/favicon.ico">
</head>
<body>
<div id="topbar">
	<div class="content">
		<div class="logo"><img src="images/logo.png" height="90"/></div>
	</div>
</div>
<div id="navbar">
	<ul>
		<li><a href="http://www.uploadvillage.com" id="active">Uploaded! Back Home?</a></li>
		<li><a href="http://www.uploadvillage.com/tos.php">TOS</a></li>
		<li><a href="http://www.uploadvillage.com/faq.php">FAQ</a></li>
		<li><a href="http://www.uploadvillage.com/contact.php">Contact Us</a></li>
		<li><a href="http://www.uploadvillage.com/donate.php">Donate</a></li>
	</ul>
</span>
</center>
<div id="main"><center>
     <div id="side1"><br><BR><BR>
<br /><strong>Uploaded!</strong><br />       
        <span class="small">
        <br />
Bypass  Filter (SHORT URL):<br />




<input type="text" size="10" onClick=select() value="<?php echo  $contents;?>" READONLY><p />

        Direct download :<br />
        <input type="text" size="28" onClick=select() value="<?php echo $final; ?>" READONLY><p />
        Forum Code download/view:<br />
        <input type="text" size="38" onClick=select() value="[url]<?php echo $final; ?>[/url]" READONLY><p />
<a href="<?php echo $server; ?>/delete.php?filename=<?php echo $name; ?>&folder=<?php echo $destination; ?>">Delete your file?

</a>

        </span>	
			<div class="clear"></div></center>
		</div></CENTER>
<br><center><span class="small">© Upload Village 2010.</span></center>
<center><a href="http://www.facebook.com/pages/UploadVillagecom/186225441417890"><img src="images/facebook.ico"></a></center>
	</div>
	</div>
	<div class="clear"></div>
</div>
</body>
<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-17632658-8']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</html>

If the files are uploaded to a location outside of your web root, they are not accessible from the web. It's that simple.

 

If you want to make them accessible, either move them, or write a script to serve them to a client.

 

Now, do you have a question?

Yes, I have a question!

 

So I have files in:

 

/var/www/vhosts/site.com/Uploads

(One step above root)

 

How do I serve these files to people so they can download them? I'd like to provide a URL or something?

 

$yourfile = ("/var/www/vhosts/site.com/Uploads/ . $random . $name. ")

Where $random and $name are defined elsewhere, then just echo yourfile out?

 

Will that auto download the file when you click a link?

 

I think I need to symlink?

Hi,

Let's say your server root is /home/somefolder/public_html

and a folder outside root is /home/somefolder/uploads, and you want to upload files to this folder. The path to upload in your script [considering your script is in your server root folder] will be

$path=realpath("../../uploads/")."/";

This way you can upload the file to a folder outside the root. While uploading the file you should make an entry in the database too.

Now let the user download this file.

1. Make a script, say download.php, in your root folder

2. Your link to download the file will be http://www.yoursite.com/download.php?fileid=12

3. Now you get the filename from the database by querying with the fileid. Let's say $filename holds the name of the file you retrieve from the database.

4. Search for php FORCE DOWNLOAD in Google.

5. Now your file path will be

$pathtodownload=realpath("../../uploads/")."/".$filename;

 

6. Then use this path to force the user to download your file

 

hope this helps
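
The download.php flow from the steps above, as an added example that is not part of the original post: the script looks up the file by `fileid`, checks that the resolved path stays inside the upload directory, and streams it as an attachment. The SQLite table `files`, its columns, the database path and the helper `resolve_download` are assumptions made for illustration.

```php
<?php
// download.php: added example, not code from the thread.
// Assumed (hypothetical): a SQLite table files(id, stored_name, original_name)
// written at upload time, and uploads kept in /home/somefolder/uploads.
declare(strict_types=1);

const UPLOAD_DIR = '/home/somefolder/uploads';

function resolve_download(PDO $db, string $baseDir, string $rawId): ?array
{
    // The client supplies only a numeric id, never a file name or path.
    if (!ctype_digit($rawId)) {
        return null;
    }
    $stmt = $db->prepare('SELECT stored_name, original_name FROM files WHERE id = ?');
    $stmt->execute([(int) $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Canonicalise, then confirm the result is still inside the upload directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $row['stored_name']);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Keep only characters that cannot break out of the quoted header value.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($row['original_name']));
    return ['path' => $path, 'name' => $name];
}

$db = new PDO('sqlite:/home/somefolder/files.sqlite'); // assumed database location
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$id = $_GET['fileid'] ?? '';
$file = resolve_download($db, UPLOAD_DIR, is_string($id) ? $id : '');
if ($file === null) {
    http_response_code(404);
    exit('File not found.');
}
// Discard any buffered output so only headers and file bytes are sent.
while (ob_get_level() > 0) {
    ob_end_clean();
}
header('Content-Type: application/octet-stream'); // download, never render inline
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
header('Content-Length: ' . (string) filesize($file['path']));
readfile($file['path']);
```

readfile() writes the file's bytes straight to the response and returns only a byte count, so it belongs in its own script with these headers rather than being echoed into an HTML page.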

 

So files are uploaded to a non web accessible directory on my server, but I want to provide a URL or some form of download access to these files. Below is my attempt, but it isn't working.

 

$destination = $_SERVER["DOCUMENT_ROOT"] . "/../Uploads/" . $random;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

// OLD LINE $final = $server."/".$destination."/".$name;

$yourfile = readfile('var/www/vhosts/site.com/'.$destination.'/'.$name');

 

and I then echo out $yourfile:

 

<?php echo $yourfile; ?>

 

elsewhere.

 

I either get a failed to open stream, or a huge long string. Or it just doesn't work.

 

Is there any solution to just download the file on request via URL?

 

I want to keep the directory non web accessible.

I think you are missing a / in front of the path in readfile.  As it stands right now, it is looking in a subdirectory for a var/www/vhosts... when I think you actually want it to be from /var/www .... And how is $name populated, you never said in your post.  If you echo the actual path you are passing into readfile, is it the file you expect?

 

~juddster
