4

Using php's ability to call upon the browser to display a given PDF it doesn't work on my web host. But it works on my local xamp server with apache.

PHP:

    $title = $_GET['title'];
    $loc = $_GET['loc'];

    header("Content-type: application/pdf");
    header("Content-Disposition: inline; filename=".$title);
    @readfile($loc);

Expected Output: Supposed to be the PDF document being rendered like it does on my local web server.

Actual but unwanted output: %PDF-1.6 %���� 1638 0 obj <> endobj xref 1638 44 0000000016 00000 n ...

Can be seen here: http://neilau.me/view.php?title=business-studies-hsc-notes-2006.pdf&loc=pdf/criteria/business-studies/2006/business-studies-hsc-notes-2006.pdf

Is this fixed through changing something on my cpanel? As my code isn't faulty... It works on my local web server.

Improve this question
8
  • remove the @ before readfile, so you can get more error's details... Commented Jul 8, 2017 at 9:33
  • 4
    Well I visited that link and the response headers contain Content-Type:text/html; charset=UTF-8 so something must be overwriting them... Commented Jul 8, 2017 at 9:34
  • @Masiorama removed that, it is just a blank screen Commented Jul 8, 2017 at 9:42
  • @NeilD check out apokryfos comment, it will put you in the right path. Commented Jul 8, 2017 at 9:44
  • @apokryfos How to I stop it from overriding? Could you tell me what causes this. Cheers Commented Jul 8, 2017 at 10:05

2 Answers 2

Reset to default
3

Use this code

<?php
$file = 'dummy.pdf';
$filename = 'dummy.pdf';
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($file));
header('Accept-Ranges: bytes');
@readfile($file);
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hi Palani, I've made my code the same as that however, as you can see on this link neilau.me/… it is still being displayed in letters and symbols.
1

You need to make sure you are not sending any text before writing headers.

Example of what not to do:

<!DOCTYPE html>
<html>
...
<?php
header("Content-type: application/pdf");

Example of how to fix that:

<?php
header("Content-type: application/pdf");    
?>   
<!DOCTYPE html>
<html>
...

In addition your script is very insecure. Here's what you should do, your entire PHP script should be:

<?php
$loc = filter_input(INPUT_GET,"loc");
$title = filter_input(INPUT_GET,'title')?:basename($loc);
if (!is_readable($loc)) {
    http_response_code(404);
    echo "Cannot find that file";
    die();
}
if (strtolower(pathInfo($loc,PATHINFO_EXTENSION)) != "pdf") {
   http_response_code(403);
    echo "You are not allowed access to that file";
    die();
}

header("Content-type: application/pdf");
header("Content-Disposition: inline; filename=".$title);
header("Content-Length: ".filesize($loc));
readfile($loc);

If you want to show things like a page title or a frame around it, you should use an iframe in another "wrapper" page:

<?php 
$loc = filter_input(INPUT_GET,"loc");
$title = filter_input(INPUT_GET,'title')?:basename($loc);
?>
<html><head><title>My title</title></head>
<body>
<iframe src="/view.php?<?php echo ($loc?"loc=$loc":"").($title?"title=$title":"") ?>">
</iframe>
</body>
<html>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.