[PHP]
class ReportGenerator {
function ReportGenerator() {}
/**
* Generate the HTTP headers necessary for this file type. Can be
called statically
*
* @access public
* @param mixed $filename
* @see file_get_contents
* @see actual_path
*/
function &generateHTTPHeaders($filename) { // STATIC VOID METHOD
if (!preg_match('/.+\.[a-zA-Z0-9\-_]+$/i', $filename)) die("Filename:
\"$filename\" must have an extension");
$ext = substr($filename, strrpos($filename, '.') + 1,
strlen($filename));
switch (strtolower(trim($ext))) {
case 'pdf':
$ctype = 'application/pdf';
break;
case 'exe':
$ctype = 'application/octet-stream';
break;
case 'zip':
$ctype = 'appliation/zip';
break;
case 'doc':
$ctype = 'application/msword';
break;
case 'xls':
$ctype = 'application/vnd.ms-excel';
break;
case 'csv':
$ctype = 'application/vnd.ms-excel';
break;
case 'ppt':
$ctype = 'application/vnd.ms-powerpoint';
break;
case 'gif':
$ctype = 'image/gif';
break;
case 'png':
$ctype = 'image/png';
break;
case 'jpg':
$ctype = 'image/jpg';
break;
case 'jpeg':
$ctype = 'image/jpg';
break;
default:
$ctype = 'application/force-download';
break;
}
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header("Content-Type: $ctype");
$user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
if ((is_integer(strpos($user_agent, 'msie'))) &&
(is_integer(strpos($user_agent, 'win')))) {
header('Content-Disposition: filename=' .
basename(actual_path($filename)) . ';');
} else {
header('Content-Disposition: inline; filename=' .
basename(actual_path($filename)) . ';');
}
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . @filesize(actual_path($filename)));
if (function_exists('file_get_contents')) {
echo @file_get_contents(actual_path($filename));
} else {
@readfile(actual_path($filename));
}
}
}
[/PHP]
The class method generateHTTPHeaders() can be called statically to
force-download a file (Excel, CSV, PDF, etc.) per customer requirement.
However, upon attempting to do so:
[PHP]
// REAL IMPORTANT!!! CHMOD OR THE WORLD CAN SEE YOUR REPORTS!!!!!!!
if ($this->isSuccessful) @chmod(0770,
actual_path($newReportFileName)); // CHANGE PERMISSIONS (IF IN UNIX)
TO PREVENT WORLD FROM ACCESSING FILE
if ($this->isSuccessful)
ReportGenerator::generateHTTPHeaders($newReportFil eName); // THIS
CAUSES THE FORCED DOWNLOAD
@unlink(actual_path($newReportFileName)); // FILE HAS BEEN
FORCE-DOWNLOADED AND IS NO LONGER NEEDED ON SERVER
@unlink(actual_path($reportFileName)); // REMOVE THE
TEMPORARY FILE AS WELL, PROVIDED IT EXISTS AND/OR YOU CAN
if ($this->isSuccessful) exit();
[/PHP]
The force-downloaded file you get is completely flooded with HTML,
particularly the HTML of the page itself! I do not understand how this
is possible, particularly since I ran careful traces up until the
headers are spawned, and the resulting file contents are legitimate
report data (no HTML) up until you generate the headers at the end of
the method, then suddenly HTML pours in like a breached levee!
Any ideas? This is as much code as I am able to display that would be
relevant to the problem, I'm afraid.
Thanx
Phil
