Hide Download URL
Solution 1:
Hiding the url will baffle the least tech savvy users, but not anyone who is willing to download your files and have a very minimal tech knowledge, if you need to hide your files behind a code (or pay wall) you can use a PHP script that authenticates the user and spits out the corresponding file, a small example is like this:
if($validUser)
{
$path = $fileName;
$size = filesize($path);
$fp = fopen($path, "rb");
$content = fread($fp, $size);
fclose($fp);
header("Content-length: ".$size);
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=".$fileName.";" );
echo $content;
}
exit();
This assumes you have the files physically in the server, but you can modify it if you have them in a database or any other storage medium. Of course, you must first validate if the user have the right to download that file but this is up to you.
Solution 2:
You can use a php script to provide the document, while still allowing php to authenticate the user's session information/etc.
The process goes like this:
- User enters a unique code (after additional authentication required to validate the user).
- A unique document link is generated, such as:
http://domain/download.php?file=58afg71057ga82157
(example) download.php
validates the user request against stored session information -- if everything checks out, it sends the file header() and passes along the file contents.
This basic file download tutorial provides the very basics of providing a file in this way. You will need to improve upon this basic tutorial, but it should give you an idea of how the process works.
Suggestions:
- Use a unique "key" per user (allowing the same user to re-download); or,
- A single-use key which only allows a single download, ever; or,
- Require user authentication, so that you know whether they should be "allowed" to use the key.
- Do not use a "filename.ext" to locate the file to download, either store the name in the session or use a unique identifier stored in a database.
- Don't just copy paste an example scripts, they are often extremely insecure.
Post a Comment for "Hide Download URL"