I want block the direct access to some of public files from my directory. For example, I have the file image.png and I have to fill a captcha to download that file, if I fail the captcha I don't want that the user could access the file. Is there any way to do that in Symfony?
First of all, create an .htaccess file inside the image directory to prevent the direct access of files inside the directory.
Deny from All
Now, give customised path, through controller to download the file, where you can easily integrate a captcha by using some bundle like Gregwar's CaptchaBundle.
On successful captcha validation, download the file through Response.
$filename = __DIR__ . "../path_to_file/image.png";
// Generate response
$response = new Response();
// Set headers
$response->headers->set('Cache-Control', 'private');
$response->headers->set('Content-type', mime_content_type($filename));
$response->headers->set('Content-Disposition', 'attachment; filename="' . basename($filename) . '";');
$response->headers->set('Content-length', filesize($filename));
// Send headers before outputting anything
$response->sendHeaders();
$response->setContent(file_get_contents($filename));
Note : Code not tested!
Hope this helps!
Related
I want to disable direct file download to my .zip files.
If my website is the referrer then only download the file.
I am using Apache server
You can try this one which will help you but I will suggest you to research more on this.However you can put the below code for the work.
Also make changes to the below code for the changes.
<?php
// This is to check if the request is coming from a specific domain domain.com
$ref = $_SERVER['HTTP_REFERER'];
$refData = parse_url($ref);
if($refData['host'] !== 'domain.com') {
// Output string and stop execution
die("Hotlinking not permitted");
}
echo "Executing code here";
?>
You need to change your domain above eg. clubapk.com instead of domain.com
I need to export my target path and request path url's of my products and categories.
custom code :
<?php
require_once('app/Mage.php');
Mage::app();
$data=Mage::getModel('core/url_rewrite')->getCollection();
$fp = fopen('exports.csv', 'w+');
$csvHeader = array('request_psth',"target_path");
fputcsv( $fp, $csvHeader,",");
foreach($data as $row)
{
fputcsv($fp, array($row->getData('request_path'),$row->getData('target_path')), ",");
}
fclose($fp);
?>
Its working in my localhost, and i get export file, when i try to applied on hosting site, its not working.
i have post my code via ftp, like
screen shot
You should upload the product to the magento root directory, then only it will work as it is including Mage.php.
Also make sure your file has enough permission to execute. Once you uploaded the file using ftp, change the permission by
Right click on the file, select File permissions type 755 in the text field
I use CakePHP-Upload plugin, now need to use the upload without form, following this example: Programmatic File Retrieval without a Form
All my upload are stored in the associated model, called the Attachment.
So when I save the article, at the same time save the images in Attachmen model.
Plugin documentation suggests something like this:
<?php
$this->Article->set(array('file' => $image_path)); // ?????
$this->Article->save();
?>
I have a larger collection of images on the server, previously uploaded via the Joomla CMS, now I have a migration of data to a custom CMS built on CakePHP framework. I need to take all these pictures and upload again, through this plugin.
How to properly use this plugin for my needs, I try to put the path to a local picture, but uploading is not working ???
EDIT
$image_path = WWW_ROOT . 'img' . DS . 'attachment' . DS . '59'.DS.'hpim4799.jpg';
debug($image_path);
'C:\xampp\htdocs\portal\webroot\img\attachment\59\hpim4799.jpg'
Do not save the record and not create new images.
Note, uploading through HTML form works well, I use windows 7 and xampp server.
EDIT 2 / Solution
Image path must be valid url like 'http://localhost/portal/img/attachment/59/hpim4799.jpg'
$image_path = Router::url('/', true) . 'img/attachment/59/hpim4799.jpg';
Thank you.
Can you tell me what the content of the variable $image_url is? The doucmentation says you can add a file via the form, or you can do it programmatically. If you do that, use the $image_url as path to the image. If you got an associated model like Attachment you shoud use:
<?php
$this->Article->set(array('Attachment.file' => $image_path)); // path + file to file
$this->Article->save();
?>
After hours of searching for solutions and detailed inspection of the Behavior code I finally found it.
Because Behavior uses php FILTER_VALIDATE_URL Filter, path must be a valid URL. Here is an example:
<?php
$image_path = Router::url('/', true) . 'img/attachment/59/hpim4799.jpg';
// return http://localhost/portal/img/attachment/59/hpim4799.jpg
$this->Article->Attachment->set(array('file' => $image_path));
$this->Article->Attachment->save();
?>
When I am saving a file in a img/upload folder the file is saved with the correct file-extension.
However, when I try to download the file, a .htm file-extension is appended.
How can I avoid this? I've added my code below;
view.ctp
<?php echo $this->Form->label("Resume:");?>
<?php echo $this->Form->input("resume",array("class"=>"input_boxstyle_select","label"=>"","type"=>"file","id"=>"file"));?>
<?php echo $editEmpPros[0]['prospective_employee']['resume']?>
Inside my controller:
public function download_resume($id=null)
{
$LUser = $this->Session->read('username');
$this->disableCache();
if (!$LUser) {
$this->redirect(array("action"=>"../"));
}
$path="../webroot/img/upload/$id";
header('Content-Disposition: attachment'); readfile($path);
//print_r(readfile($path));
exit;
}
Handling file-downloads in CakePHP 2.x
While other solutions may work, CakePHP handles the response via the CakeResponse object. This chapter in the manual describes how to send (download) files; Sending Files
The response will automatically attempt to set the right mime-type, based on the file-extension
To output the file (inside the browser);
$this->response->file(WEBROOT_DIR . '/img/upload/' . $filename);
//Return reponse object to prevent controller from trying to render a view
return $this->response;
To download the file (and, optionally, specify a custom filename)
To force downloading the file and specify a custom filename (if desired), use this code. CakeResponse object will automatically set the right headers, so manually specifying a custom filename should not be necessary
// To force *downloading* the file and specify a custom filename (if desired)
$this->response->file(
WEBROOT_DIR . '/img/upload/' . $filename,
array(
'download' => true,
'name' => 'custom-filename-for-downloading'
)
);
return $this->response;
You can give the filename in the Content-Disposition header too, like this:
Content-Disposition: attachment; filename="foo.bar"
Depending on the browsers you have to support you could also use the download attribute of HTML5:
my link
you have to set some parameter as here i am giving you one example to download PDF file
<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdf
readfile('original.pdf');
?>
Please make parameter as you need..
let me know if i can help you more.
I'm currently working with cakephp and I am generating a word document. My problem is how can I put the generated document on my web root and not as a download.
I am guessing you are using an action to generate a document, which gets output to the browser.
You should either use output buffering to "catch" the output and then write it to a file, or write the document data to a string, and write that string to a file on the server.
EDIT:
PHPWord has a SAVE method. In your action, you can save the document to a certain location, but output something else, i.e. success notification. This way, your action only generates the file:
public function generateWordDocument(){
//... your word file creation...
$wordDocumentLocation = TMP . 'word_files/';
$objWriter = PHPWord_IOFactory::createWriter($PHPWord, 'Word2007');
$objWriter->save($wordDocumentLocation . 'helloWorld.docx');
$this->Session->setFlash('Document generated!');
$this->redirect(array('action'=>'index')); //or wherever you want
}
If you want to protect that file, you could save the file to a "secure" folder (this can either be a folder outside the "app/webroot" folder, or a folder protected with .htaccess deny all instruction) and than use another action, like "getWordDocument":
function getWordDocument($documentName){
$wordDocumentLocation = TMP . 'word_files/';
if (file_exists($wordDocumentLocation . $documentName)) { //this is not really the safest way of doing it
$fp = fopen($wordDocumentLocation . $documentName, 'rb');
header("Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document");
header("Content-Length: " . filesize($wordDocumentLocation . $documentName));
fpassthru($fp);
exit();
}
}
Please note, that this code is just for "grasping the concept" and is in no way safe or optimal.
i think you want to add file in webroot but it is not downloadable for public users ,
You have several ways :
- protect folders with .htaccess (Like Js folder)
- create new folder in app folder like webroot and put files in it
- use Dispatcher Filters in cakephp : http://book.cakephp.org/2.0/en/development/dispatch-filters.html
and ....