Authorized Download

[jp2php]

I have a file on my web server, and visitors can only see the link after they have logged in.

 

A flaw in my design is that anyone who knows the direct link can just type in the address to get to it.

 

How do I solve this? Should I copy the actual file to a temp file and give the link to the temp file whenever someone logs in?

 

Is there a tutorial on how to tackle something like this? I don't even know what to call what I'm trying to do.

[mattal999]

Heres what you do.

 

Have a database set up with a table for users and files.

 

files.table:

id    |url                                |downloads

1    | f2434hnddfuhsdjkdf.pdf  |0

 

download.php:

<?php

$id = $_GET['id'];
$query = mysql_query("SELECT * FROM files WHERE id='".$id."'");
$file = mysql_fetch_array($query);
$addhit = mysql_query("UPDATE files SET downloads=downloads+1 WHERE id='".$id."'");

header("Content-disposition: attachment; filename=".$file['url']);
header("Content-type: application/octet-stream");
readfile($file['url']);

?>

 

members.php (or whatever has the download link):

<?php

$downloadlink = "<a href=\"download.php?id=1\">Download file (.pdf)</a>"; // Change the id according to the file to be downloaded, and .pdf to whatever the file type is in relation to the id.
echo $downloadlink;

?>

 

That should work (Untested code btw).