Jump to content

allow user to download from site securely ?


garyed

Recommended Posts

I have a site where I want another user that has a password fills out a form & it then downloads to my server. I want them to be able to then download that file from my site at the same time the form is submitted.

I've tried adding this code to the bottom of the php file that the form points to but it just displays the file on the screen instead of downloading to the user's computer.

<?php
$file = '/site/downloadfile';

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}
?>

      if I put the same code in a separate file it works perfectly but i don't want to add another file if i can help it.

Any help appreciated

 

Link to comment
Share on other sites

1 hour ago, garyed said:

I've tried adding this code to the bottom of the php file that the form points to but it just displays the file on the screen instead of downloading to the user's computer.

You have some sort of output happening. Make it not happen before the download portion. Possibly by moving that code closer to the top of the file.

Link to comment
Share on other sites

2 minutes ago, garyed said:

But I don't want use another file to do it. I have a shared hosting package & I'd like to at least keep that info along with a database password in one file.

Know that it really doesn't make any difference. The same code in one file is just as good (or bad) as the same code in another file.

Link to comment
Share on other sites

22 minutes ago, requinix said:

You have some sort of output happening. Make it not happen before the download portion. Possibly by moving that code closer to the top of the file.

I think that's the problem but I need all the code I have before it because that it what I use to access the database & create the file that I want the user to download.

The funny thing is it all works fine in one single file on my Apache server but when I upload the same code to my web host (1and1), instead of downloading it spits the text out to the screen.    

Link to comment
Share on other sites

When I said it spits the text out to the screen, I meant the text of the file(.csv) to be downloaded. The php file makes a .csv file from a database & then puts it on the server so it can be downloaded by the user. I'm trying to do it all in one password protected file.  What is happening is instead of the file being downloaded, it's text is being output to the screen. If I put the same code I posted above in a separate php file & point to it from the original php file then everything works as planned. 

Link to comment
Share on other sites

1 minute ago, garyed said:

When I said it spits the text out to the screen, I meant the text of the file(.csv) to be downloaded. The php file makes a .csv file from a database & then puts it on the server so it can be downloaded by the user. I'm trying to do it all in one password protected file.  What is happening is instead of the file being downloaded, it's text is being output to the screen. If I put the same code I posted above in a separate php file & point to it from the original php file then everything works as planned. 

Which is what my first post addressed.

Link to comment
Share on other sites

2 hours ago, requinix said:

Which is what my first post addressed.

So am i right in assuming that since I'm already using the php file to create & send the .csv file to my server that the only way for the user to download that file using the code I posted in my opening post would be in a separate file?

Link to comment
Share on other sites

2 minutes ago, garyed said:

So am i right in assuming that since I'm already using the php file to create & send the .csv file to my server that the only way for the user to download that file using the code I posted in my opening post would be in a separate file?

Not if they guessed where the file is.

I'm about 99% sure that you don't need to be creating files on the server. Not if you're just going to turn around and send it to the user. You don't need actual files to do that. Do whatever you're doing to create the file, but instead of putting it in a file you output it.

Link to comment
Share on other sites

1 hour ago, requinix said:

Not if they guessed where the file is.

I'm about 99% sure that you don't need to be creating files on the server. Not if you're just going to turn around and send it to the user. You don't need actual files to do that. Do whatever you're doing to create the file, but instead of putting it in a file you output it.

That's really what I want to do but i can't figure out how to do it. It's only one user that I'm dealing with that I'm doing the site for. They just want to be able to put the contents of the mysql database into an excel spreadsheet. Since the database is changing every day I just want them to be able to login & download any time they want. I've already set it up where they can view the database at any time & I got it where each table can be converted to a csv file for excel but I don't know how to get it so it will download to their computer. That's where I'm stuck. I've been searching online for a way to do it & haven't been very successful. That's why I thought I'd have to download the file to the site first before they could download it to their computer. Any help appreciated

Link to comment
Share on other sites

Okay, here goes & it might not be pretty. What I don't understand is if I type in my ip address & the path in my browser it will access my Apache server & mysql db, put the csv file on my server then automatically download it to my default browser directory. That is exactly how I intended for the code to work. When I upload it to my web host then it does everything except download to my computer. Anyways I would much rather do as suggested & never put the file on the server & just directly download it to the user's computer who has the password to access the php fil

<?php
///////// Turn table into a .csv file & put it on server ////////////////////
 if(isset($_POST["first_page"]))  // makes sure there is a submit value from the first page    
 {  
       
      $_table=$_POST['table_name']; // gets the table name from first page 
      include ("mysql_login.php");  // opens mysql with $db as database variable
     
       // If statement is for the choice between two tables
       // Gets the results of the table & puts it in a .csv file on the server
     if ($_table=="table1") {
      $output = fopen("table1.csv", "w");  
     fputcsv($output, array('id', 'First', 'Last', 'email', 'phone'));  
       }
       else  {
    $output = fopen("table2.csv", "w");  
    fputcsv($output, array('id', 'First', 'Last', 'email', 'phone'));  
     } 
 $query = "SELECT * from $_table ORDER BY id ASC" or die ("Help it ain't working");  
      $result = mysqli_query($con, $query);  
      while($row = mysqli_fetch_assoc($result))  
      {  
           fputcsv($output, $row);      
      }  
          
       fclose($output); 

  } 
/////////////////////  download file to user's computer depending on which table was chosen /////

 if ($_table=="table1") {
 $file = './table1.csv';

 if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
 exit;
 }

}
else {
$file = './table2.csv';

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
   
  exit;
  }

}

 ?>  

e.   

Link to comment
Share on other sites

Here is the simpler code that I first used:

<?php  
     
 if(isset($_POST["first_page"]))   {  
        
     $_table=$_POST['table_name']; // gets the table name from first page 
      include ("mysql_login.php");  // opens mysql with $con as the database variable
      header('Content-Type: text/csv; charset=utf-8');  
      header('Content-Disposition: attachment; filename=table.csv');  
      $output = fopen("php://output", "w");  
     
     fputcsv($output, array('id', 'First_name', 'Last_name', 'email', 'phone'));  

 $query = "SELECT * from $_table ORDER BY id ASC" or die ("Help");  
      $result = mysqli_query($con, $query);  
      while($row = mysqli_fetch_assoc($result))  
      {  
           fputcsv($output, $row);  
  }  
          
      fclose($output);  
 } 

 ?>  

This works perfectly on my server. If you enter the link to my server it downloads right into the browser default download directory. It just doesn't work when i upload it to my web host. The same code just prints the .csv file to the screen instead of downloading.   

 

Link to comment
Share on other sites

27 minutes ago, requinix said:

Go with the second code.

So you have that code in a place that receives the form data and (tries to) output the file. What's the code for the entire script?

The code in the last post is pretty much it. That is where the problem lies.   I tried taking away the if statement & substituting the name of a table so i could run that file by itself & it works fine on my server. I do the same thing on my web host server & instead of the file downloading it displays the full text of the file on the screen. I'm starting to think that there is nothing wrong with the code & that there is a problem with my web host settings. If you or anyone here using a mysql database can test this code on your server I would appreciate it.       

<?php  
             
     $_table="table1"; // gets the table name from first page 
      include ("mysql_login");  // opens mysql with $con as the database variable
      header('Content-Type: application/octet-stream');  
      header('Content-Disposition: attachment; filename=table.csv');  
      $output = fopen("php://output", "w");  
     
    fputcsv($output, array('id', 'First_name', 'Last_name', 'email', 'phone'));  

 $query = "SELECT * from $_table ORDER BY id ASC" or die ("Help");  
      $result = mysqli_query($con, $query);  
      while($row = mysqli_fetch_assoc($result))  
      {  
           fputcsv($output, $row);  
  }  
          
      fclose($output);  

 ?>  

 

Link to comment
Share on other sites

Here is the message that is displayed at the top of the same page where the text of the file is displayed:

Quote

Warning: Cannot modify header information - headers already sent by (output started at /safehome/723/e295680273/htdocs/xdata/tables.php:1) in /safehome/723/e295680273/htdocs/xdata/tables.php on line 9

Warning: Cannot modify header information - headers already sent by (output started at /safehome/723/e295680273/htdocs/xdata/tables.php:1) in /safehome/723/e295680273/htdocs/xdata/tables.php on line 10

 

Link to comment
Share on other sites

19 minutes ago, requinix said:

Make sure there is no whitespace before the opening <?php. Absolutely nothing at all.

If you're sure you've removed everything, make sure your editor is not saving files in UTF-8 with BOM format. UTF-8 is fine. BOM is not.

You are the man!! 

That did it, I removed the white space & it works like a top .

I've been working on this for three days & couldn't figure out what I was missing.

Thanks again 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.