I work as a lab instructor and was trying to ensure that my students can’t download their starter files early by keeping the files above the webroot and forcing them to log in (authenticated through the university’s LDAP), verifies that it is past the release time then sends them the file using readfile. Unfortunately any files I send end up corrupted.
My code is:
if (file_exists($path)) {
//header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($path));
//header('Content-Transfer-Encoding: binary');
header('Expires:' . date('r', 0));
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
//header('Pragma: public');
header('Content-Length: ' . filesize($path));
//ob_clean();
//flush();
readfile($path);
exit(0);
}
I even tried sending just plain text which also didn’t transfer correctly, just ended up with gibberish.
Edit:
Sorry I was remiss in specifying what I have already tried. I did try sending a simple text file (trying to examine a pdf in notepad looking for PHP warnings is a bit much).
I sent a file with only the contents This is plain text and the result was pure gibberish. Mostly non-printable characters. 1f 8b 08 00 00 00 00 00 00 03 0b c9 c8 2c 56 00 a2 82 9c 00
Update:
Disabled the gzipping on one of the servers and the files were still corrupted. removed the ob_clean(); flush() and the text files started coming through cleanly (can’t believe enerything you read on the internet :/ ).
Zip files were still corrupted but my PDFs were now readable. Did some more looking and it appears that there is an extra newline being added at the very start of the file. Looking back at the text file it does have an extra newline at the front and the last character is missing. As expected adding +1 to the Content-Length header lets the last character come through, still looking for where the prepended newline is coming from. Also, if I comment out the readfile I get a file with only CRLF (0d0a) in it.
The framework normally ‘wraps’ the content from the controller with a view and then a layout but both are set to blank files and the head controller is checking that they are blank and then skipping the line to echo the generated HTML. Even then the exit(0) should ensure that only destructors get called after the transfer. I verified this by putting echo statements in the layout and view and increasing the content size accordingly and that text isn’t ending up in the downloaded file so I’m relatively certain that the newline isn’t coming from there.
Ensure the PHP script does not contain empty lines out of
<?php ?>tags. In general, ensure no other stuff is echoed, but the file.It would be very helpful if you post resulting file contents here, please. Try with a simple one-line text file.