Download file returned after uploading a file : An AJAX file converter

Question

I'm programming a PHP function that encrypts a file using a specific key. I want the user to upload his file using the "browse..." window then get the "save as" window as a result after the php encrypting.

I'm working in full AJAX so my upload method uses a hidden form and a hidden iframe to handle the upload request.

Javascript Part :

<script>
    $("#encryptFileButton").button().click(clickEncryptFile);


    function clickEncryptFile() {
        if (!jQuery.browser.msie) {
            $("#encryptFileBrowse").click();
        } else {... not the matter of the question ...}
    }

    function encryptFileBrowseChange() {
        $("#uploadAttachmentForm").submit();
    }

</script>

The nice visible button

<button id="encryptFileButton" type="button" class="ui-..." role="button">Encrypt Now</button>

The hidden part

<form action="https://web.com/encryptPHP" id="uploadAttachmentForm" target="uploadTarget" style="display:none" enctype="multipart/form-data" method="post" accept-charset="utf-8">
    <input type="file" name="encryptFileBrowse" id="encryptFileBrowse" onchange="encryptFileBrowseChange()">
</form>

<iframe id="uploadTarget" name="uploadTarget" src=""></iframe>

Now on the server side, the encryptPHP does the job and returns the encrypted file with all the required HTTP headers. But the browser does not open the "save as window"

Here is the Chrome inspector of the request

Can you help me to fill the download part of this problem ?

I wouldn't like using a temporary file on the server to be stateless and prevent orphan files when browser is interrupted. I'd really like to make this with only one query.

just a thought: wouldn't it be far more efficient to encrypt the file client-side, instead of uploading it very slowly over a potentially insecure connection? — Franz Gleichmann, Aug 16 '16 at 09:59
AFAIK you can't open save as window, all files are downloaded to download directory without prompt, the only thing you can do is to add modal dialog in javascript that will prompt for filename and then download file with that name, but you will need to add another request, I think. — jcubic, Aug 16 '16 at 10:00
@FranzGleichmann Nop, the key is a secret. the client will keep this file unreadable until he resend it to the server. — Nicolas Thery, Aug 16 '16 at 10:08
@jcubic what do you mean with download directory ? My file is nowhere on the clientside at the moment. If it is somewhere, I would be ok. On server side, the received clear file is on a temp directory but the encrypted one is not and everything is cleared after the request. — Nicolas Thery, Aug 16 '16 at 10:08
@NicolasThery you got to put correct headers on your server side. What is the file extension? — Denis Matafonov, Aug 16 '16 at 10:10
Take a look at this answer [Download File Using Javascript/jQuery](http://stackoverflow.com/a/3749395/387194) — jcubic, Aug 16 '16 at 10:20
And this [How to force file download with PHP](http://stackoverflow.com/a/7263943/387194) — jcubic, Aug 16 '16 at 10:24
@jcubic I know how to download a file and I know there are topics about that on google. My question is when the REQUEST for downloading a file is a fileupload, not a simple file GET URL. — Nicolas Thery, Aug 16 '16 at 10:40
@jcubic I added the request response data. updategroups.csv is the uploaded file. The downloaded file has the same name but content is encrypted. — Nicolas Thery, Aug 16 '16 at 10:49
My Bad !!!! I am wrong @jcubic, I misconfigured the resulting HTTP headers : I was content-disposition : inline, the inline content was in the hidden iframe. Changing response header to content disposition ATTACHMENT resolved my problem, save as popup pops ! — Nicolas Thery, Aug 16 '16 at 12:17
@NicolasThery so you want to give the client an encrypted copy of a unencrypted file he already has? sounds pretty useless to me. or do you intend to automatically delete the unencrypted file? sounds like malware to me. — Franz Gleichmann, Aug 16 '16 at 12:56
@FranzGleichmann Good question but out of scope... But if you want to know, this ensures the user identification. He has a crypted file, he can send it to me by mail (the mail stays unreadeable for Malvin the hacker) and only the server can decrypt the file, using the user key, stored on server. But Actually this is a test feature for a little more complex system, the client will crypt and my server will decrypt, using a shared secret symetric key. — Nicolas Thery, Aug 17 '16 at 12:52

score 0 · Accepted Answer · answered Aug 16 '16 at 12:19

0

In the server response, Content-disposition is inline, it must be content-disposition: attachment to get the "save as " popup.

I don't delete my question as the code example is pretty and usefull.

Uploading and downloading in only one request is nice.

answered Aug 16 '16 at 12:19

Nicolas Thery

2,319
4
26
36

Download file returned after uploading a file : An AJAX file converter

1 Answers1