asked on

Download a file to server from a url that require authentication

I am given a url when I am to enter my user credential and a CSV file can be saved or opened.
This work and I am able to see the content of the CSV file.
Now, I want to create a PHP script on my web server in which I can have the file be downloaded to a location I specify.

<?php
$username = 'userinfo';
$password = 'userpassword';

$remote_url = "https://test.com/report_template.do?CSV&jvar_report_id=1";

$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));

$fileName = file_get_contents($remote_url, false, $context);

$filePath = "csv/files/".$fileName;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"$filePath \""); 
header("Content-type: text/csv");
header("Content-Transfer-Encoding: binary");
?>

Open in new window

What am I doing wrong? Can someone please help?

Thanks,

lgduong

Ray Paseur

I think these are two separate applications, and they can be built together to do the things you want.

First, here is how to password-protect a part (or all) of a web site.
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html

Second, here is how to force a download.

<?php // demo/force_download.php
/**
 * Show how to force a file download
 *
 * Choose a file to download, either via a hard-coded file path
 * or via a URL parameter like this
 *
 * path/to/demo/force_download.php?url=path/to/file.txt
 *
 * If you wanted to use the URL parameter, you might want to
 * (1) Secure the script with password protection
 * (2) replace the $url variable with something like this:
 * $url = $_GET['url'];
 *
 * If you use the URL parameter, be careful that the script
 * does not expose sensitive data on your server!
 */
error_reporting(E_ALL);


// WHAT FILE DO WE WANT TO DOWNLOAD?
$url = "http://www.IcoNoun.com/demo/short_text_file.txt";


// USE CASE
force_download($url);


// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($url, $filename=NULL)
{
    // GET THE DOWNLOAD FILE NAME
    if (empty($filename)) $filename = basename($url);

    // GET LENGTH AND FILE RESOURCE POINTER
    $hdr = get_headers($url, TRUE);
    $len = trim($hdr['Content-Length']);
    $fpr = fopen($url,'rb');

    // ON SUCCESS
    if ($fpr)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=$filename");
        header("Content-length: $len");
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // WRITE THE FILE
        fpassthru($fpr);
    }

    // ERROR
    else
    {
        trigger_error("Unable to open $url", E_USER_ERROR);
    }
}

Open in new window

lgduong

ASKER

Ray,

I'm sorry. Maybe I wasn't clear in my question. I don't need to create password protected web page. My site is already password protected and each page check for verification. As for the force-download, will the file be downloaded to my local machine or will be downloaded to the web server that is running the script. That is really what I want to do. I want the php script to download the file from that remote url and save it on the web server. For example, the php script (download.php) is run at this location on the webserver /www/var/html/run/download.php. The csv file is then downloaded and save on the web server /www/var/html/files/filedownloaded.csv.

Ray Paseur

What is the original URL of the CSV file?

Dave Baldwin

"Authorization: Basic " is checked by Apache, the web server. Web pages never see that. ??

ASKER CERTIFIED SOLUTION

Edward Millen

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

lgduong

ASKER

Hello,

Sorry I just got back from time off. That's why I haven't gotten back to this question.

Ray -- The original url would be the remote url (https://test.com/report_template.do?CSV&jvar_report_id=1).

Edward Millen - I made the following changes and the filedownloaded.csv does not appear in the directory /www/var/html/files/

$username = 'userinfo';
$password = 'userpassword';

$remote_url = "https://test.com/report_template.do?CSV&jvar_report_id=1";

$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));

$fileName = file_get_contents($remote_url, false, $context);

file_put_contents('/www/var/html/files/filedownloaded.csv', $fileName);

Open in new window

Ray Paseur

Are you sure that the correct URL is test.com? It appears to be redirecting in a strange way, and a PHP script using file_get_contents() may not behave the way you want.

If that's not the correct URL, please tell us the correct URL so we can test with cURL. Thanks.

lgduong

ASKER

This was the correct solution. I had the path to download the file incorrectly.