Skip to content Skip to sidebar Skip to footer

Hide Download URL

I'm trying to make the URL of a downloadable PDF document invisible to the user, so that they can't access it from anywhere else. I need to hide the URL from the bottom left of the

Solution 1:

Hiding the url will baffle the least tech savvy users, but not anyone who is willing to download your files and have a very minimal tech knowledge, if you need to hide your files behind a code (or pay wall) you can use a PHP script that authenticates the user and spits out the corresponding file, a small example is like this:

if($validUser)
{
    $path = $fileName;
    $size = filesize($path);
    $fp = fopen($path, "rb");
    $content = fread($fp, $size);
    fclose($fp);

    header("Content-length: ".$size);
    header("Content-type: application/octet-stream");
    header("Content-disposition: attachment; filename=".$fileName.";" );
    echo $content;
}
exit();

This assumes you have the files physically in the server, but you can modify it if you have them in a database or any other storage medium. Of course, you must first validate if the user have the right to download that file but this is up to you.


Solution 2:

You can use a php script to provide the document, while still allowing php to authenticate the user's session information/etc.

The process goes like this:

  1. User enters a unique code (after additional authentication required to validate the user).
  2. A unique document link is generated, such as: http://domain/download.php?file=58afg71057ga82157 (example)
  3. download.php validates the user request against stored session information -- if everything checks out, it sends the file header() and passes along the file contents.

This basic file download tutorial provides the very basics of providing a file in this way. You will need to improve upon this basic tutorial, but it should give you an idea of how the process works.

Suggestions:

  • Use a unique "key" per user (allowing the same user to re-download); or,
  • A single-use key which only allows a single download, ever; or,
  • Require user authentication, so that you know whether they should be "allowed" to use the key.
  • Do not use a "filename.ext" to locate the file to download, either store the name in the session or use a unique identifier stored in a database.
  • Don't just copy paste an example scripts, they are often extremely insecure.

Post a Comment for "Hide Download URL"