Download a file to server from a url that require authentication

lgduong
lgduong used Ask the Experts™
on
I am given a url when I am to enter my user credential and a CSV file can be saved or opened.
This work and I am able to see the content of the CSV file.
Now, I want to create a PHP script on my web server in which I can have the file be downloaded to a location I specify.

<?php
$username = 'userinfo';
$password = 'userpassword';

$remote_url = "https://test.com/report_template.do?CSV&jvar_report_id=1";

$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));

$fileName = file_get_contents($remote_url, false, $context);

$filePath = "csv/files/".$fileName;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"$filePath \""); 
header("Content-type: text/csv");
header("Content-Transfer-Encoding: binary");
?>

Open in new window



What am I doing wrong?  Can someone please help?

Thanks,

lgduong
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2011
Top Expert 2016

Commented:
I think these are two separate applications, and they can be built together to do the things you want.

First, here is how to password-protect a part (or all) of a web site.
http://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html

Second, here is how to force a download.
<?php // demo/force_download.php
/**
 * Show how to force a file download
 *
 * Choose a file to download, either via a hard-coded file path
 * or via a URL parameter like this
 *
 * path/to/demo/force_download.php?url=path/to/file.txt
 *
 * If you wanted to use the URL parameter, you might want to
 * (1) Secure the script with password protection
 * (2) replace the $url variable with something like this:
 * $url = $_GET['url'];
 *
 * If you use the URL parameter, be careful that the script
 * does not expose sensitive data on your server!
 */
error_reporting(E_ALL);


// WHAT FILE DO WE WANT TO DOWNLOAD?
$url = "http://www.IcoNoun.com/demo/short_text_file.txt";


// USE CASE
force_download($url);


// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($url, $filename=NULL)
{
    // GET THE DOWNLOAD FILE NAME
    if (empty($filename)) $filename = basename($url);

    // GET LENGTH AND FILE RESOURCE POINTER
    $hdr = get_headers($url, TRUE);
    $len = trim($hdr['Content-Length']);
    $fpr = fopen($url,'rb');

    // ON SUCCESS
    if ($fpr)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=$filename");
        header("Content-length: $len");
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // WRITE THE FILE
        fpassthru($fpr);
    }

    // ERROR
    else
    {
        trigger_error("Unable to open $url", E_USER_ERROR);
    }
}

Open in new window

Author

Commented:
Ray,

I'm sorry.  Maybe I wasn't clear in my question.  I don't need to create password protected web page.  My site is already password protected and each page check for verification.  As for the force-download, will the file be downloaded to my local machine or will be downloaded to the web server that is running the script.  That is really what I want to do.  I want the php script to download the file from that remote url and save it on the web server.  For example, the php script (download.php) is run at this location on the webserver /www/var/html/run/download.php.  The csv file is then downloaded and save on the web server /www/var/html/files/filedownloaded.csv.
Most Valuable Expert 2011
Top Expert 2016

Commented:
What is the original URL of the CSV file?
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
"Authorization: Basic " is checked by Apache, the web server.  Web pages never see that. ??
What sort of error are you getting?

Are you sure the remote server is actually using HTTP Basic authentication (rather than another method of requesting the username and password)?

Also, bear in mind that file_get_contents will return the actual full content of the remote URL, which you're currently putting into the $fileName variable and then using as a filename, so I don't think that's what you intended.

If you only want to save the file on your server, as mentioned in your subsequent comment, you don't need any of the header() lines.
You could simply do something like this (assuming your instance of PHP has the appropriate permissions to write to the given location):
$data = file_get_contents($remote_url, false, $context);
file_put_contents('/www/var/html/files/filedownloaded.csv', $data);

Open in new window

Author

Commented:
Hello,

Sorry I just got back from time off.  That's why I haven't gotten back to this question.

Ray -- The original url would be the remote url (https://test.com/report_template.do?CSV&jvar_report_id=1).

Edward Millen - I made the following changes and the filedownloaded.csv does not appear in the directory /www/var/html/files/

$username = 'userinfo';
$password = 'userpassword';

$remote_url = "https://test.com/report_template.do?CSV&jvar_report_id=1";

$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));

$fileName = file_get_contents($remote_url, false, $context);

file_put_contents('/www/var/html/files/filedownloaded.csv', $fileName);

Open in new window

Most Valuable Expert 2011
Top Expert 2016

Commented:
Are you sure that the correct URL is test.com?  It appears to be redirecting in a strange way, and a PHP script using file_get_contents() may not behave the way you want.

If that's not the correct URL, please tell us the correct URL so we can test with cURL.  Thanks.

Author

Commented:
This was the correct solution. I had the path to download the file incorrectly.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial