Jump to content


Photo

how to force download file


  • Please log in to reply
11 replies to this topic

#1 new_member

new_member

    Member

  • Members
  • PipPip
  • 22 posts

Posted 28 October 2013 - 12:30 PM

Hi,
 
I want to restrict access to specific folder if some one copies and paste download file link or folder in browser. For that i have modified my htaccess file and added following lines of codes in that
 
RewriteEngine On
RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ /download-pdf.php?filename=$1 [L]
 
Beside this i have placed plenty of codes searcher from google to make it accessible when accessed from my domainsite.com
 
 
 
and searched almost every site. But restricting access to my files will not allow me to access it through my site also.
 
The only solution i came across is to force download the restricted file if accessed through my site. For that i have made forcedownload.php file and reading the contents of file in that. But the problem is that how to add condition in htaccess to go to download page if accessed through my site. Any help??


#2 Psycho

Psycho

    Advanced Member

  • Gurus
  • 10,821 posts
  • LocationCanada

Posted 28 October 2013 - 01:05 PM

 

The only solution i came across is to force download the restricted file if accessed through my site. For that i have made forcedownload.php file and reading the contents of file in that. But the problem is that how to add condition in htaccess to go to download page if accessed through my site. Any help??

 

 

I'm not really understanding you. What do you mean " to go to download page if accessed through your site". Are you saying if the user types in the URL that points directly to the file you want them to be redirected to the PHP page that does the download? If so, there's a much easier solution. Move the file outside of the public folders. Then the only way people can get the file is through the download script - there won't even be a url to access the file at all.


The quality of the responses received is directly proportional to the quality of the question asked.

I do not always test the code I provide, so there may be some syntax errors. In 99% of all cases I found the solution to your problem here: http://www.php.net

#3 new_member

new_member

    Member

  • Members
  • PipPip
  • 22 posts

Posted 28 October 2013 - 01:26 PM

I want that if a file in accessed by directly copy paste the url in browser it should restrict its access and that is actually happening by adding the above lines in htaccess. But these lines are not allowing me to access the files even if i access them going through my website. I want the files to be accessible if i reach those files through my site. For this i have googled a lot but none of the code worked



#4 Psycho

Psycho

    Advanced Member

  • Gurus
  • 10,821 posts
  • LocationCanada

Posted 28 October 2013 - 01:56 PM

"How" are you referencing the file in the download script - i.e. the path? Are you referencing the file using an http:// path or via the file system. If you are using a relative path via the file system, I can't think of why the htaccess file would have any reason to stop your script from reading the file. You should definitely not be referencing the file via http.

 

But, as I stated above, you don't need to do any of this. Simply put the file in a folder that is not publicly accessible - i.e. outside of the root of your website. Then, there isn't any URL path that could ever point directly to the file and the only way to get the file would be through your download script. No entries in the htaccess file would be needed at all.

 

So, if your website is in a folder with the name htdocs, put the downloads in a folder that is at the same level or above that folder. E.g.:

 

 |

 | - htdocs

 |   | - about

 |   | - contact

 |   | - home

 |   | -  . . . etc.

 |

 | - Downloads //Not publicly accesible


The quality of the responses received is directly proportional to the quality of the question asked.

I do not always test the code I provide, so there may be some syntax errors. In 99% of all cases I found the solution to your problem here: http://www.php.net

#5 new_member

new_member

    Member

  • Members
  • PipPip
  • 22 posts

Posted 28 October 2013 - 09:03 PM

I donot have any single which i am referencing. I have multiple files inside the subdirectory download_files and are reffered by multiple places in the site. I want to restrict all of these files so i have applied the above code in htaccess. Now, i am unable to understand where to put the download.php and how to pass the file name to that so that if someone accesses it through website he should have access to that. Please explain me the flow



#6 Psycho

Psycho

    Advanced Member

  • Gurus
  • 10,821 posts
  • LocationCanada

Posted 28 October 2013 - 09:20 PM

You never answer my question.


The quality of the responses received is directly proportional to the quality of the question asked.

I do not always test the code I provide, so there may be some syntax errors. In 99% of all cases I found the solution to your problem here: http://www.php.net

#7 new_member

new_member

    Member

  • Members
  • PipPip
  • 22 posts

Posted 28 October 2013 - 10:57 PM

preg_match("/[^\/]+$/", $_SERVER['HTTP_REFFERER'], $matches); //get the filename after last slash
$file_name= $matches[0];
header("Content-disposition: attachment; filename=".$file_name);
header('Content-Type: application/octet-stream');
readfile($file_name".pdf");


#8 Psycho

Psycho

    Advanced Member

  • Gurus
  • 10,821 posts
  • LocationCanada

Posted 28 October 2013 - 11:47 PM

Well, that's not really your code is it? Pretty sure that last line would cause a syntax error.

 

It's typically a not a good idea to pass the file name as a parameter since you will have to deal with spaces and other disallowed characters. But, using that same code, you can simply put the files in a folder that is not publicly accessible as I stated before. Not knowing what folder that script is located in I can't say for sure what the relative path would be. But, for arguments sake, let's say the folder 'download_files' that is up two levels from where the script download.php is located. In that case just change the last line to this

 

readfile('../../{$file_name}.pdf");

The quality of the responses received is directly proportional to the quality of the question asked.

I do not always test the code I provide, so there may be some syntax errors. In 99% of all cases I found the solution to your problem here: http://www.php.net

#9 new_member

new_member

    Member

  • Members
  • PipPip
  • 22 posts

Posted 28 October 2013 - 11:56 PM

I have resolve the file download issue. Finalized code in htaccess is:

 

RewriteEngine On
# you can add whatever extensions you want routed to your php script
RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ download.php?filename=$1 [L]
 
But it is causing the same problem again as if someone access the file without going through site it will open it. Any idea on how to prevent direct access to files  :confused:


#10 trq

trq

    Advanced Member

  • Administrators
  • 31,019 posts
  • LocationSydney, Australia.

Posted 29 October 2013 - 12:07 AM

Any idea on how to prevent direct access to files

 

Move them somewhere they cannot be accessed.


http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#11 new_member

new_member

    Member

  • Members
  • PipPip
  • 22 posts

Posted 29 October 2013 - 12:08 AM

Sorry the modified code is

RewriteRule \.(pdf)$ - [NC,F,L]
RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ download.php?filename=$1 [L]
 
But still it is giving restricted access if i access it from my site also. 


#12 Psycho

Psycho

    Advanced Member

  • Gurus
  • 10,821 posts
  • LocationCanada

Posted 29 October 2013 - 12:16 PM

I've already told you  - move the files outside the web accesible folders. Then no one can access the files directly through a URL and the only way to get the files is through the download script.

 

What part of my response on Reply #8 was not clear?

 

1. Move the files to a folder that is not accessible through the web. You should have a root folder for your website. The folder for the files should be on the same level or above that folder. If this is on a shared host and you created your site in the root of the folder your host provided, then you need to put your site in a subfolder and configure the domain to point to that subfolder. Then the root folder your host provided is no longer web accessible.

 

2. Change the readfile() function to read the files in the new folder location.

 

NO REWRITE/HTACCESS CONFIGURATIONS ARE NEEDED.


Edited by Psycho, 29 October 2013 - 12:18 PM.

The quality of the responses received is directly proportional to the quality of the question asked.

I do not always test the code I provide, so there may be some syntax errors. In 99% of all cases I found the solution to your problem here: http://www.php.net




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com