Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Hide Download URL
- Thread starter Extreme43
- Start date
not sure what you mean here.
is that you want to stop the user finding out the url of a file in a directory altogether (in which case you could replace the link with a php script that checks a session timeout value and if within a short period of time could deliver the file)
if you just want to occlude the url but are ok with it being in the source code then Chacalinc's solution works well
is that you want to stop the user finding out the url of a file in a directory altogether (in which case you could replace the link with a php script that checks a session timeout value and if within a short period of time could deliver the file)
if you just want to occlude the url but are ok with it being in the source code then Chacalinc's solution works well
- Thread starter
- #4
ok.. the download.php should have header()'s, something like this:
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.$_POST['file'].'"');
header('Content-Length: '.$filesize);
readfile($storagelocation.$filename);
(take a look the header function in
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.$_POST['file'].'"');
header('Content-Length: '.$filesize);
readfile($storagelocation.$filename);
(take a look the header function in
Try the code below. it would be better to hook up the file ids to a mysql database but hardcoding was quicker!
of course you need read access to the documents directory for the apache/web user but make sure that other users do not have access.
Note: i've not checked this code (but it should work!).
of course you need read access to the documents directory for the apache/web user but make sure that other users do not have access.
Note: i've not checked this code (but it should work!).
Code:
<?php
//say file to download is ../dir/file.doc
// self-managing page might look like this
$timelimit = 5; //in minutes
if (!isset($_GET['DLID']))
{
displaystartpage();
}
else
{
if (validdownload() === true)
{
unset ($_SESSION['time']);
downloadfile($_GET[DLID]);
}
else
{
unset ($_SESSION['time']);
die("This download link has expired");
}
}
function validdownload()
{
session_start();
global ($timelimit);
$mins = $timelimit * 60; //this converts to seconds
$elapsedtime = time() - $_SESSION['time'];
if ($elapsedtime > $mins)
{return false;}
else
{return true;}
}
function downloadfile($id)
{
$dir = "../dir/"; //need to include the trailing slash
switch ($id)
{
case 1:
$file = "file.txt";
if (!file_exists($dir.$file))
{ die ("File does not exist");}
$len = filesize($dir.$file);
header("Content-Type: application/octet-stream");
$header="Content-Disposition: attachment; filename=$file;";
header($header);
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$len);
readfile($dir.$file);
break;
default:
die ("No such download exists");
break;
}
}
function displaystartpage()
{
session_start();
global ($timelimit);
$_SESSION['time'] = time();
echo "Click <a href='$_POST[PHP_SELF]?DLID=1'>here</a> to download file. You have $timelimit minutes to do so.";
}
?>- Status
Similar threads
- Locked
- Question