Forced file downloads in coursepress

I know that it is possible to force a file download in PHP using headers. Right now any file downloads added in CoursePress use the default file handler on a users computer. Is it possible to add this capability to CoursePress, and add a settings option "Force file downloads / Use default file handling on file download links." I am not sure if this will work or not with the encryption that is currently used to mask the urls, but it would be very helpful. The following link gives an idea of what I am trying to do.

http://stackoverflow.com/questions/7263923/how-to-force-file-download-with-php

If this is not something that the developers see as something that should be incorporated as a core function, would someone be willing help me figure out a hotfix for this solution.

  • Tyler Postle

    Hey Bryan,

    Hope you're doing well today and thanks for your question!

    Is this with the file download element inside CoursePress or just on any page you are wanting to do this?

    First time this has been asked I think :p

    I'll also flag SLS, our coding experts, so they take a closer look here to. Whether it's with the file download element or just inside a page, it will require some custom development. If it can't be implemented into CoursePress then our SLS staff will be able to get you going in the right direction :slight_smile:

    Look forward to hearing back here!

    All the best,
    Tyler

  • Bryan

    The issue that I am having is that a client is trying to download and save a PDF to their computer. They are not happy that the behavior changes based on which computer they are using to demo a course. I was trying to explain the differences, and I was asked if it was possible to "make them do the same thing for everyone." I have programmed a system before using the information that I received using the stackoverflow link in my first comment. The problem that I am having is trying to figure out how to get that behavior within the scope of CoursePress. Another link that helped me greatly in the aforementioned setup is http://webdesign.about.com/od/php/ht/force_download.htm

    Basically, what I am trying to do is this. When I add a "File Download" element, I would like to have a checkbox that would say "force download" or "enable default file download behavior" OR just have the force download as the "only" option. Right now, when you click a download link, it pulls the encrypted url (which is awesome by the way) and then lets the browser decide how to handle the file instead of telling the browser that it is an actual download and should handle it as such. I just want to make sure that I am being clear with what I am asking.

    Edit: This would also be a very helpful feature for people who do online training for web design. It would let them force download of html, php, xml, etc. files instead of the link trying to open the file in the browser window.

  • Bryan

    Hi Tyler,

    That is correct.

    However, the issue isn't necessarily the browser giving that dialogue or not. The issue primarily occurs when the browser doesn't give a dialogue, but instead automatically opens the file (i.e. pdf, html, php, etc.) within the browser instead of the default program on the users machine.

    ... unfortunately, with those types of files, this is often the users web browser.

    Thanks for looking into this for me.

  • Hoang Ngo

    Hi @Bryan,

    I hope you are well today.

    Hmm, actually that link above is doing the same way with CP Download Unit, you can see the download code handler here

    /coursepress/coursepress.php line 2127

    function check_for_force_download_file_request() {
    
    			if ( isset( $_GET[ 'fdcpf' ] ) ) {
    				ob_start();
    
    				require_once( $this->plugin_dir . 'includes/classes/class.encryption.php' );
    				$encryption		 = new CP_Encryption();
    				$requested_file	 = $encryption->decode( $_GET[ 'fdcpf' ] );
    
    				$requested_file_obj = wp_check_filetype( $requested_file );
    				header( 'Pragma: public' );
    				header( 'Expires: 0' );
    				header( 'Cache-Control: must-revalidate, post-check = 0, pre-check = 0' );
    				header( 'Cache-Control: private', false );
    				header( 'Content-Type: ' . $requested_file_obj[ "type" ] );
    				header( 'Content-Disposition: attachment; filename ="' . basename( $requested_file ) . '"' );
    				header( 'Content-Transfer-Encoding: binary' );
    				header( 'Connection: close' );
    
    				/**
    				 * Filter used to alter header params. E.g. removing 'timeout'.
    				 */
    				$force_download_parameters = apply_filters( 'coursepress_force_download_parameters', array(
    					'timeout'	 => 60,
    					'user-agent' => $this->name . ' / ' . $this->version . ';'
    				) );
    				echo wp_remote_retrieve_body( wp_remote_get( $requested_file ), $force_download_parameters );
    				exit();
    			}
    		}

    It's using head to trigger an download signal to browser, and from here, the browser will take the rest of action (open dialog, etc).

    You can do a test, by copy this code (I get from the url you sent)

    $file_url = 'http://www.myremoteserver.com/file.exe';
    header('Content-Type: application/octet-stream');
    header("Content-Transfer-Encoding: Binary");
    header("Content-disposition: attachment; filename=\"" . basename($file_url) . "\"");
    readfile($file_url); // do the double-download-dance (dirty but worky)

    And copy it to a file, and then try to access the php file from various browsers, you can see in firefox, it's will open a dialog and asking your action for example.

    This code used to work
    header('Content-Type: application/force-download');
    But due to security (like some mail-ware force user to download an app and run it or similar), this seem not work anymore.

    I'm afraid we don't have any easy solution for this :slight_frown:

    Best regards,
    Hoang Ngo

  • Bryan

    Thanks Hoang,

    I was never able to replicate the issue that my client was having on any of my testing machines. I shared this information with the client and asked for him to talk me through the download. It turns out that the file IS doing what it should. It is just that the default pdf file handler on his computer was his browser. It wasn't the browser or web code causing the file to open in his browser - just a "bad" computer setting. Thank you for helping me find the root of the issue.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.