Wanzul Blog

S3 Object Storage Upload & Download with Plain PHP

Written by

Wan Zulkarnain

in

,

I am familiar with typical cloud storage services like Google Drive and Microsoft OneDrive. However, in web development, these cloud storage providers are not suitable because they lack direct links to the uploaded files. To address this issue, object storage becomes a handy solution.

Using OneDrive, the link is not a link to file. Instead, it will load OneDrive first and only the file. We need hotlinking feature to use it on web.

In this article, I will be using Object Storage provided by IPServerOne instead of AWS Simple Storage Service (AWS S3). It should be almost similar; you just need to change the $s3_endpoint variable accordingly.

Protip: You can ask ChatGPT/Copilot/etc to reverse engineer the PHP code to curl if you didn’t speak PHP.

Upload to S3

To upload a file to object storage provider, you just need to pass the correct parameter and make curl request. It is actually really simple and straightforward. It is just like typical Rest API call.

Here is a PHP code on how to upload file to S3.

Demo 💻

This is a demo how a file is uploaded to Object Storage.

Simple and straightforward. You don’t have to import any huge library just to upload file to S3.

Accessing private bucket file (Download from S3)

Object (file) that has been stored (uploaded) to public bucket can be accessed directly. However, for private bucket, the URL to bucket needs to have additional parameter in the URL to get access to the URL.

Example access to object with Public Bucket

https://ap-southeast-mys1.oss.ips1cloud.com/wordpressha/test.jpg

Example access to object with Private Bucket

https://wordpressha.ap-southeast-mys1.oss.ips1cloud.com/test.jpg?AWSAccessKeyId=KL6FSI64D6FEBHY77621&Expires=1734687785&Signature=4zRuNtWz%2F9ewHT%2FUF7c2mCfOxco%3D

Notice there is parameters AWSAccessKeyId, Expires and Signature appended in the URL. This is what we called a Presigned URL.

Here is a PHP code on how to generate Presigned URL.

Looking into the code, the Presigned URL generation didn’t involve a call to an API. It is purely based on hash generated from string that are salted using Secret Key.

Demo 💻

This is a demo how a file private bucket can be accessed.

You don’t have to attempt to hack the bucket as the access to it already removed. The access is created solely for the purpose of this article 😉.

By this time, you should have some ideas how Object Storage works 😇.

Post Views: 19

More posts