Download a file to server from a url that require authentication

I am given a url when I am to enter my user credential and a CSV file can be saved or opened.
This work and I am able to see the content of the CSV file.
Now, I want to create a PHP script on my web server in which I can have the file be downloaded to a location I specify.

<?php
$username = 'userinfo';
$password = 'userpassword';

$remote_url = "https://test.com/report_template.do?CSV&jvar_report_id=1";

$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));

$fileName = file_get_contents($remote_url, false, $context);

$filePath = "csv/files/".$fileName;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"$filePath \""); 
header("Content-type: text/csv");
header("Content-Transfer-Encoding: binary");
?>

Open in new window

What am I doing wrong? Can someone please help?

Thanks,

lgduong

PHPApache Web Server

Last Comment

lgduong

8/22/2022 - Mon

Ray Paseur

3/22/2016

I think these are two separate applications, and they can be built together to do the things you want.

First, here is how to password-protect a part (or all) of a web site.
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html

Second, here is how to force a download.

<?php // demo/force_download.php
/**
 * Show how to force a file download
 *
 * Choose a file to download, either via a hard-coded file path
 * or via a URL parameter like this
 *
 * path/to/demo/force_download.php?url=path/to/file.txt
 *
 * If you wanted to use the URL parameter, you might want to
 * (1) Secure the script with password protection
 * (2) replace the $url variable with something like this:
 * $url = $_GET['url'];
 *
 * If you use the URL parameter, be careful that the script
 * does not expose sensitive data on your server!
 */
error_reporting(E_ALL);


// WHAT FILE DO WE WANT TO DOWNLOAD?
$url = "http://www.IcoNoun.com/demo/short_text_file.txt";


// USE CASE
force_download($url);


// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($url, $filename=NULL)
{
    // GET THE DOWNLOAD FILE NAME
    if (empty($filename)) $filename = basename($url);

    // GET LENGTH AND FILE RESOURCE POINTER
    $hdr = get_headers($url, TRUE);
    $len = trim($hdr['Content-Length']);
    $fpr = fopen($url,'rb');

    // ON SUCCESS
    if ($fpr)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=$filename");
        header("Content-length: $len");
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // WRITE THE FILE
        fpassthru($fpr);
    }

    // ERROR
    else
    {
        trigger_error("Unable to open $url", E_USER_ERROR);
    }
}

Open in new window

lgduong

3/23/2016

ASKER

Ray,

I'm sorry. Maybe I wasn't clear in my question. I don't need to create password protected web page. My site is already password protected and each page check for verification. As for the force-download, will the file be downloaded to my local machine or will be downloaded to the web server that is running the script. That is really what I want to do. I want the php script to download the file from that remote url and save it on the web server. For example, the php script (download.php) is run at this location on the webserver /www/var/html/run/download.php. The csv file is then downloaded and save on the web server /www/var/html/files/filedownloaded.csv.

Ray Paseur

3/23/2016

What is the original URL of the CSV file?

All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat

William Peck

Dave Baldwin

3/23/2016

"Authorization: Basic " is checked by Apache, the web server. Web pages never see that. ??

ASKER CERTIFIED SOLUTION

Edward Millen

3/29/2016

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

GET A PERSONALIZED SOLUTION

Ask your own question & get feedback from real experts

Find out why thousands trust the EE community with their toughest problems.

lgduong

4/5/2016

ASKER

Hello,

Sorry I just got back from time off. That's why I haven't gotten back to this question.

Ray -- The original url would be the remote url (https://test.com/report_template.do?CSV&jvar_report_id=1).

Edward Millen - I made the following changes and the filedownloaded.csv does not appear in the directory /www/var/html/files/

$username = 'userinfo';
$password = 'userpassword';

$remote_url = "https://test.com/report_template.do?CSV&jvar_report_id=1";

$context = stream_context_create(array(
    'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
    )
));

$fileName = file_get_contents($remote_url, false, $context);

file_put_contents('/www/var/html/files/filedownloaded.csv', $fileName);

Open in new window

Ray Paseur

4/5/2016

Are you sure that the correct URL is test.com? It appears to be redirecting in a strange way, and a PHP script using file_get_contents() may not behave the way you want.

If that's not the correct URL, please tell us the correct URL so we can test with cURL. Thanks.

⚡ FREE TRIAL OFFER

Try out a week of full access for free.

Find out why thousands trust the EE community with their toughest problems.

lgduong

4/26/2016

ASKER

This was the correct solution. I had the path to download the file incorrectly.