Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Copying Files/random filename

Status
Not open for further replies.
spyderco

spyderco

Programmer
Jan 23, 2005
107
US
I am creating a members-only script where they log in and click on links to load their files. The trick is, the user may never know where the real files are so they can't just hotlink or give it to their friends.

My original idea was to copy the original file and put it in a /temp/ folder with a random name. Then once they click on the link and load the file, the file would be removed from the temp folder.

The problems with this seem costly; the overhead of copying the file into memory to transport it over to another folder on the server and THEN let the load it doesn't seem worth it. Especially if these files ever get larger than 10MB.

I need to hear your ideas on how I can load a bunch of links (the original files are stored as absolute paths in my mysql database) so when a user sees or clicks the links they will NEVER see where the original file came from but they'll still be able to load it in their browser.

I asked this on another site and got the following two answers which I didn't understand. So if you think these will work, could you try re-explaining it?

Thank you!

Code: 
Why do you insist on copying the files? Why not store the random file names (and the real file name) in some sort of database and open the real file (and send that one) when a person makes a request for a random file? (And after the request remove the random file from the DB)

Code: 
Generate a new unique key for each user who needs to access a file. Store this in a database of some sort that associates that particular key with the name of the file to serve. This can be a flat file (but watch out for locking!), a tied hash (fast and reasonably easy to set up), or a relational database (probably overkill unless you're already using one).

Instead of redirecting the user to a temporary file with a randomly-generated name, redirect the user to another CGI program that takes in the unique key, looks up the appropriate file in the database, then serves the file to the user.

Bonus tip: look into the Content-Disposition header to set the filename appropriately.
 
Sort by date Sort by votes
Since you're already using a MySQL database, why not do the following?

[ul]
[li]Create a table to store the file name, type of file (if necessary) and actual file ( use a Binary Long Object (BLOB) to store the file data)[/li]
[li]Create a second table that stores a link between the member and which files they have access to[/li]
[li]When the user logs in, access the these tables to show the user what files are available to them and allow them to download directly from the DB[/li]
[/ul]

Doing it this way will keep all files out of your web space and guarantee that other users cannot see these files.

- Rieekan
 
Upvote 0 Downvote
Hmmmm.

Now this is a very interesting idea. I didn't know you could literally store files in the database, I always thought things were just linked to.

The question then is, how do you PUT a file in the DB? What this is, is a web-based admin form where they type in an absolute path in the textfield and click submit. This path is stored into the DB already. What would I have to do to store the file itself in there?

The only downside is having the original file and a copy of it at all times in the database taking up room but this definitely sounds like the easiest way to go.

Thank you! This sounds like a great idea!
 
Upvote 0 Downvote
This would all depend on where the file comes from in the first place. Does the user submit the file to the website, or is this something you generate and place online for the users?

- Rieekan
 
Upvote 0 Downvote
Instead of linking directly to the file you should link to a CGI script that redirects to the file. The one below illistrates how to use one script for every user, and every file.

When printing the page of link you will need to print the link to the file like this:

Code: 
<a href="files.cgi?user=$user&file=$file">Download $file</a>

This is what the cgi script will look like:

Code: 
#!/usr/bin/perl

use CGI;
my $GET = new CGI;

my $user=$GET->param('user');
my $file=$get->param('file');


print $GET;->redirect(-url => "[URL unfurl="true"]http://www.domain.com/$user/long/path/they/will/never/guess/$file");[/URL]




The page will not reload, refresh, or change. The dialog box prompt will appear asking if they want to download the file. They will never see the actual name of the file, or its location!

Let me know if you need more help with this concept...
 
Upvote 0 Downvote
Similar to Rieekan's suggestion, store the files in a directory inaccessible to web browser and have the script serve them up. Just have it print out the correct content-type, open the file, and print the contents of the file. I guess the hard part here would be sending the correct content-type.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Uploading Binary Files
Replies
2
Views
264
AbidingDude
AbidingDude
RWCherry
  • Locked
  • Question
uploading .rtf files to the web
Replies
7
Views
248
audiopro
audiopro
1DMF
  • Locked
  • Question
CGI TIMEOUT / FILESIZE metabase changes
Replies
7
Views
141
1DMF
1DMF
audrey07
  • Locked
  • Question
Getting random answers for a quiz 1
Replies
6
Views
92
KevinADC
KevinADC
lichtjiang
  • Locked
  • Question
How to manage temp files created by CGIs?
Replies
1
Views
93
Kirsle
Kirsle

Part and Inventory Search

Sponsor

Back
Top