Displaying files
This is a discussion on Displaying files within the PHP General forums, part of the PHP Programming Forums category; On 8/15/08, Dan Shirah <mrsquash2@gmail.com> wrote: > > Wow, I think it finally clicked. &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-15-2008
|
|||
|
|||
Re: [PHP] Displaying files
On 8/15/08, Dan Shirah <mrsquash2@gmail.com> wrote:
> > Wow, I think it finally clicked. > > Sorry that took so long. > That's fine, sorry if I sounded rude or something. I didn't mean it. The whole point behind using PHP was to try and copy or call the file from > the server side so the user does not see the path to the document. Using > HTML and Javascript it is extrememly easy to just view source and see the > path. Whereas using PHP it would take the regular user a bit more work to > view the path which is why I wanted to go that route. But having to grant > the anonymous internet account access to the server would be just as bad if > not worse. > My guess is worse. :) My application retrieves a list of docments that the user can view based on > search criteria. When the user clicks on the document I wanted to somehow > mask the location the document is being pulled from. HTML and Javascript > are so easy to circumvent, even to the everyday user that I wanted to do > something with PHP since it's code is not viewable when you view source > since it is run on the server. > > Have any of you attempted something like this? > You can have a php file called something like getFile.php where you pass parameters like getFile.php?file=123 and it returns the file (with proper headers). But that way you'd have to map all file paths to a database. Then you could access them thru codes, but remember to check user permissions before handling him the file as you'd have a serious problem. Aside of that, at the moment I can't figure another way of serving files for a user hiding them the path for it. I'd be happy to see what others have in mind. :) -- Thiago Henrique Pojda 
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
On Aug 15, 2008, at 9:57 AM, Dan Shirah wrote: > Wow, I think it finally clicked. > > Sorry that took so long. > > The whole point behind using PHP was to try and copy or call the > file from > the server side so the user does not see the path to the document. > Using > HTML and Javascript it is extrememly easy to just view source and > see the > path. Whereas using PHP it would take the regular user a bit more > work to > view the path which is why I wanted to go that route. But having to > grant > the anonymous internet account access to the server would be just as > bad if > not worse. > > My application retrieves a list of docments that the user can view > based on > search criteria. When the user clicks on the document I wanted to > somehow > mask the location the document is being pulled from. HTML and > Javascript > are so easy to circumvent, even to the everyday user that I wanted > to do > something with PHP since it's code is not viewable when you view > source > since it is run on the server. > > Have any of you attempted something like this? What about using some type of a dispatch script? Locate all the files outside of the doc root and then just call: viewdocument.php? ID=12345678 ? Although now that I've typed that I realize that you would still be running the same issue.. Unless you used javascript in your PHP to call the file maybe? -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 11287 James St Holland, MI 49424 www.raoset.com japruim@raoset.com
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
> What about using some type of a dispatch script? Locate all the files
>> outside of the doc root and then just call: viewdocument.php?ID=12345678 ? >> Although now that I've typed that I realize that you would still be running >> the same issue.. Unless you used javascript in your PHP to call the file >> maybe? > > Hmmm, what if I tried to use PHP to write a simple batch file? Use the batch file to copy the selected file from one server to another. And then open the copied file using any method I wanted since it's new location would be in a temp directory? And then maybe use if_exists() to see if the new file is located in the temp directory and if it is, display it. The only issue there might be when a file is really large or the network is sluggish and it could take 1-5 seconds for the file to copy over. In which case if_exists() would be false since it is taking a while for the file to copy. Hmmm.
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
On 15 Aug 2008, at 15:17, Dan Shirah wrote:
> What about using some type of a dispatch script? Locate all the > files outside of the doc root and then just call: viewdocument.php? > ID=12345678 ? Although now that I've typed that I realize that you > would still be running the same issue.. Unless you used javascript > in your PHP to call the file maybe? > > Hmmm, what if I tried to use PHP to write a simple batch file? Use > the batch file to copy the selected file from one server to > another. And then open the copied file using any method I wanted > since it's new location would be in a temp directory? > > And then maybe use if_exists() to see if the new file is located in > the temp directory and if it is, display it. > > The only issue there might be when a file is really large or the > network is sluggish and it could take 1-5 seconds for the file to > copy over. In which case if_exists() would be false since it is > taking a while for the file to copy. Hmmm. PHP *cannot* access those files. Doesn't matter if you call a batch file from the PHP since that will still be running as PHP. Your best bet would be to run a periodic sync to copy the files across from the other server but it would have to run outside the IIS process. There are plenty of solutions around for doing this and they have nothing to do with PHP. You can then refer to the local copy of the file from PHP and it will then work. -Stut -- http://stut.net/
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
>
> Your best bet would be to run a periodic sync to copy the files across >> from the other server but it would have to run outside the IIS process. >> There are plenty of solutions around for doing this and they have nothing to >> do with PHP. You can then refer to the local copy of the file from PHP and >> it will then work. > > This isn't very feasible because the server that contains the documents contains almost 1 terabyte worth of documents and continues to grow in size. No way I would want to mirror that amount of information just to hude the file path. Instead of just making and executing a batch file, maybe there is a way for PHP to call a scheduled task? Since within a scheduled task you specify what username/password is used to execute it I may be able to get it to work?
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
On 15 Aug 2008, at 15:41, Dan Shirah wrote:
> Your best bet would be to run a periodic sync to copy the files > across from the other server but it would have to run outside the > IIS process. There are plenty of solutions around for doing this and > they have nothing to do with PHP. You can then refer to the local > copy of the file from PHP and it will then work. > > This isn't very feasible because the server that contains the > documents contains almost 1 terabyte worth of documents and > continues to grow in size. No way I would want to mirror that amount > of information just to hude the file path. > > Instead of just making and executing a batch file, maybe there is a > way for PHP to call a scheduled task? Since within a scheduled task > you specify what username/password is used to execute it I may be > able to get it to work? A scheduled task is messy. IIWY I'd use FTP to pull the file over, but that's still pretty messy. If this is an Intranet then the risks involved in giving that user access to the network is minimal and probably would be the best solution. Alternatively you could set up an HTTP server on the document server and proxy the documents through the IIS server (readfile should be happy to take an HTTP URL unless you've disabled it in php.ini, and the end user will never see the actual URL). -Stut -- http://stut.net/
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
>
> A scheduled task is messy. IIWY I'd use FTP to pull the file over, but > that's still pretty messy. > > If this is an Intranet then the risks involved in giving that user access > to the network is minimal and probably would be the best solution. > Alternatively you could set up an HTTP server on the document server and > proxy the documents through the IIS server (readfile should be happy to take > an HTTP URL unless you've disabled it in php.ini, and the end user will > never see the actual URL). I agree, it is really messy to work with and prone to lots of complications. This application will be used within our network, but will also be used by a sister agency that is not in our network. Which is why we do not want the document server complete path floating inbetween us and them where it could be intercepted by an outside user. Reading the documents through as a URL would be so nice and probably the easiest method to accomplish this, but the "God's Above" want it to remain strictly a file server. I guess I will start looking into FTP'ing them between servers as that may be the simplest solution at this point.
|
|
08-15-2008
|
|||
|
|||
|
Re: [PHP] Displaying files
On Aug 14, 2008, at 3:29 PM, Dan Shirah wrote:
>> >> You need to know the mime type for the file you're serving. Call >>> header('Content-Type: x/y'); where x/y is the mime type. Then call >>> readfile('/path/to/file/on/server'); to output the file to the >>> browser. >>> >>> -Stut >> >> > > Stut, trying that method gives me the following: PHP Warning: > readfile( > \\server\folder\file.xls) [<a > href='function.readfile'>function.readfile</a>]: failed to open > stream: > Invalid argument on line 44 > > Here's my code. Line 44 is where it stated readfile() > This document is located on a seperate server. > > > <?php > $folder = $_GET['folder']; > $file = $_GET['file']; > > $filename = "\\\\server\\".$folder."\\".$file.".xls"; > header("Content-Type: application/x-msdownload"); > readfile($filename); > ?> This won't address the permissions issue, but I ran into a similar problem where IE wouldn't open the file unless 'exit;' was present. You may want to add: <?php readfile($filename); exit; ?> Cheers, ~Philip
|
|
08-16-2008
|
|||
|
|||
|
Re: Displaying files
On Aug 15, 6:26*am, mrsqua...@gmail.com ("Dan Shirah") wrote:
Have you tried file()? You could use this function to read the file into a string and then output it to the browser. Of course this does mean that the file has to be in a directory php can access. This would keep the file source invisible to the user. Is there any reason you can't store the files you will be accessing in the "Site" folder that php has access to? If you can do this, there are no permissions issues. On the web server I use, there are lots of locations available to the web server and, thus php, outside of the web site root directory that protect access to files in any of these locations. If not, php runs as a module of the web server. I don't know anything about any Windows servers, but if you are on a Unix host and it is using Apache, you can use the Apache configuration file (httpd.conf) to give apache access to the specific directory where your files are located. Of course, the permissions for that directory must give the Apache user access to the directory. When I use my machine as a web server using Apache (it is a Mac computer), I can easily set any directory on the drive to allow Apache (and, thus, php) access. --Kenoli
|
Linear Mode
