如何将PDF文件保存在公共根目录之上,然后在PHP中检索它? (使用fpdf)

时间:2014-10-30 19:56:01

标签: php pdf fpdf

我使用fpdf将文件输出到服务器然后触发电子邮件。这有效,但pdf中会有敏感信息。如何将pdf输出到公共根目录上的文件夹?然后我如何通过链接再次检索该文件?

<?php
require('fpdf.php');

$pdf = new FPDF();
$pdf->AddPage();
$pdf->SetFont('Arial','B',16);
$pdf->Cell(40,10,'Hello World!');
$pdf->Output('/applications/doc.pdf','F');
?>

<?php

$to = "oelbaga@newworldgroup.com";
$from = "Omar <oelbaga@newworldgroup.com>";
$subject = "Test Attachment Email";

$separator = md5(time());

// carriage return type (we use a PHP end of line constant)
$eol = PHP_EOL;

// attachment name
$filename = "doc.pdf";

//$pdfdoc is PDF generated by FPDF
$attachment = chunk_split(base64_encode($pdf));

// main header
$headers  = "From: ".$from.$eol;
$headers .= "MIME-Version: 1.0".$eol; 
$headers .= "Content-Type: multipart/mixed; boundary=\"".$separator."\"";

// no more headers after this, we start the body! //

$body = "--".$separator.$eol;
$body .= "Content-Transfer-Encoding: 7bit".$eol.$eol;
$body .= "This is a MIME encoded message.".$eol;

// message
$body .= "--".$separator.$eol;
$body .= "Content-Type: text/html; charset=\"iso-8859-1\"".$eol;
$body .= "Content-Transfer-Encoding: 8bit".$eol.$eol;
$body .= $message.$eol;

// attachment
$body .= "--".$separator.$eol;
$body .= "Content-Type: application/octet-stream; name=\"".$filename."\"".$eol; 
$body .= "Content-Transfer-Encoding: base64".$eol;
$body .= "Content-Disposition: attachment".$eol.$eol;
$body .= $attachment.$eol;
$body .= "--".$separator."--";

// send message
if (mail($to, $subject, $body, $headers)) {
echo "mail send ... OK";
} else {
echo "mail send ... ERROR";
}


?>

1 个答案:

答案 0 :(得分:0)

知道了,虽然这可能存在重大安全漏洞。

在公共webroot上输出fpdf文件的代码:

$pdf->Output('...physical..path.../doc.pdf','F');

检索该pdf并强行下载:

$oefilename =  "doc.pdf";
$rootDir = realpath('/var/www/vhosts/lavaansmile.com/private/');
$fullPath = realpath($rootDir . '/' . $oefilename);
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename=' . basename($fullPath)); 

header('Content-Length: ' . filesize($fullPath));
@readfile($fullPath);

要获取页面的物理路径,您可以使用:

 //get real path
$path = 'NameofYourPage.php';
echo realpath($path);
相关问题
最新问题