Downloading Files

mdub2112

My Document Root is /var/www/html
I've created a directory /var/www/uploads

I've created an area where users login and can upload files to a folder above the Doc Root. How can I display a link so that if needed, users can download those files?

Currently I have

 echo "<td><a href='{$uploads['file']}' target='_blank'>
                {$uploads['title']}<br />
                </a>";

The table is 'uploads' and the field is 'file'. The display works correctly; however, the link of course goes to www.sitename.com/var/www/uploads/filename.ext as the 'file' field simply holds the file path and name.

Any help appreciated

sneakyimp

there are two steps
1) send a header with the correct mime type...i'm not so good at this but it involves sending a MIME type for your file (which you'll have to probably find yourself) and it's also good practice to send a filesize in bytes...not sure exactly how to do the size thing.
2) read the contents of the file to the user.

try something like this from the php documentation:

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
// NOTE:  for you this should be /var/www/uploads/$filename
readfile('original.pdf');
?>

sneakyimp

ps: to give the user a link to a downloaded file, you should make a link to that script above. think of the script as the 'operator' that will connect you to the file you want to download. you will need to supply the correct parameters (like the name of the file to be downloaded, your username, etc.) to the script and it will fetch the file for you after authenticating the user or whatever.

mdub2112

What if it is various mime types?
I'm basically using bmp, gif, jpg, psd, tif, tiff, doc, xls, & pdf

c9679

Wouldnt this work, to just remove the info you dont need in the link?

$uploads = str_replace("/var/www", "", $uploads['file']);
echo "<td><a href='$uploads' target='_blank'>{$uploads['title']}</a><br />";

sneakyimp

I think his uploads folder is outside the html directory, meaning that apache won't serve it due to permissions or the httpd config or whatever.

The $_FILES array might tell you the mime type of files that get uploaded. You could store it in your database. Try searching the docs at php.net for 'uploading'

I'm not at all sure exactly how MIME types work, but I think that browsers will communicate it to your server when handing off the file. You can't rely on the file extension (such as '.jpg') because Macs don't necessarily have them.

Also, I think it would be good if your upload script examined whatever mime types that people upload to prevent them from uploading viruses or executables or trojans or whatever. In other words, you should have a set of 'acceptable mime types' and reject any that aren't listed there.

If you set up your code correctly, you can report which mime types your scripts are rejecting either in an error message (e.g., "Sorry but files of type 'application/exe' are not permitted') or you can log it.

mdub2112

sneakyimp,

You're correct, my 'uploads' directory is above my html folder.
I am doing (ok, going to do) the mime checks and what not, right now I'm concerned with getting the path to show up.

Looking up, I see that you had the code of

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
// NOTE:  for you this should be /var/www/uploads/$filename
readfile('original.pdf');
?>

In the comment, where you state "NOTE: for you this should be....."
Are you saying that I should have readfile('/var/www/upload/$filename'); there ?

sneakyimp

In the comment, where you state "NOTE: for you this should be....."
Are you saying that I should have readfile('/var/www/upload/$filename'); there ?

$filename will not be evaluated as a PHP variable if you use single quotes. You could use double quotes:

readfile("/var/www/upload/$filename");

But that could be error prone if the file doesn't exist or something. You should get in the habit of reporting errors and preparing for problems that might arise. If readfile didn't work, it could be because the file wasn't found or whatever...maybe you mistyped the path or something.

try some error checking:

$filename = 'foobar.pdf'; // this will come from your database;
$filetype = 'application/pdf'; // so should this, your MIME type

$filepath = '/var/www/upload/' . $filename; // you should probably put the path to your files in a var or constant in case it needs to change for any reason

if (!file_exists($filepath)) {
  die('SORRY!, <b>' . $filepath . '</b> could not be found.');
} else {
  // This tells the user's browser what to open the file with
  header('Content-type: ' . $filetype);

  // The suggested name will be $filename if they choose to save it somewhere
  header('Content-Disposition: attachment; filename="' . $filename . '"');

  // The PDF source is in your upload folder
  readfile($filepath); 
}

You should get in the habit of learning what PHP functions do...it's real easy, just go to php.net/function_name like this:

http://php.net/readfile

mdub2112

Oh, I hadn't even attempted the code you suggested yet.
I was simply asking if that was how I would do it by the time I got to work today.

I do believe you have kindly answered my question.

Thanks for all your help.