question about hiding the location of a download.


15 replies to this topic

#1 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 13 August 2006 - 11:26 AM

I have some downloadable zip files and am wanting to hide the location. I tried a simple switch statement and it still displays the location of the file when downloading it.

Here is what I have tried:
<?php
function getaction($action) {
    switch($action) {
        case "download":
	 $filename = $_GET['filename'];
	 header("Location: http://www.mysite.com/test/$filename");
        break;
    }
}
getaction($_GET['action']);	    	   
?>

This really does nothing. It brings up the requested file but you can still see the location in the bottom of the browser.

I am wanting to change the message from downloading from site : http://www.mysite.com/test/test.zip to something like downloading: test.zip. Is this possible?

Thanks,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#2 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 13 August 2006 - 11:41 AM

Could I use mod_rewrite to omit the directory that the zip is located in? For example it would say
Downloading from site: http://www.mysite.com/test.zip

versus

Downloading from site: http://www.mysite.com/test/test.zip

So if someone is trying to use a cgi script to bypass my .htaccess file then they will get a file not found error.

Any suggestions would be great.
Tom



#3 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 13 August 2006 - 11:44 AM

Hope this helps.

Try it before you knock it, lol.


index.php
<html>
<head>
<title>download me</title>
</head>
<body>
<table align="center">
<tr>
<td>
Please download our free 5 files!
<br><br>
<a href="download.php?cmd=download1">download file 1</a>
<br><br>
<a href="download.php?cmd=download2">download file 2</a>
<br><br>
<a href="download.php?cmd=download3">download file 3</a>
<br><br>
<a href="download.php?cmd=download4">download file 4</a>
<br><br>
<a href="download.php?cmd=download5">download file 5</a>
</td>
</tr>
</table>
</body>
</html>




download.php

<?php

if($_GET['cmd']=="download1"){

$file = "test.txt"; // the file name must be a quoted string

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

exit; // no further headers (such as Location) can be sent once the file body has been output

}

if($_GET['cmd']=="download2"){

$file = "test.txt"; // the file name must be a quoted string

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

exit; // no further headers (such as Location) can be sent once the file body has been output

}

if($_GET['cmd']=="download3"){

$file = "test.txt"; // the file name must be a quoted string

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

exit; // no further headers (such as Location) can be sent once the file body has been output

}


if($_GET['cmd']=="download4"){

$file = "test.txt"; // the file name must be a quoted string

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

exit; // no further headers (such as Location) can be sent once the file body has been output

}


if($_GET['cmd']=="download5"){

$file = "test.txt"; // the file name must be a quoted string

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

exit; // no further headers (such as Location) can be sent once the file body has been output

}

Wish i knew all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#4 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 13 August 2006 - 11:46 AM

http://www.phpfreaks...ic,95433.0.html
Legend has it that reading the manual never killed anyone.
My site

#5 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 13 August 2006 - 12:58 PM

Thanks guys here is a copy of the working code. I have yet to add the paid case but it works just fine.

<?php
session_start();
function getaction($action) {
    switch($action) {
        case "download":
            function getdownload($type) {
                switch($type) {
                    case "free":
                        /* This checks to see if the request for this file came from your site and if not it will throw up a File not found error */
                        if ($_SERVER['HTTP_REFERER'] !== "http://yoursite.com/somepage.php") {
                            header("HTTP/1.1 404 Not Found");
                            exit; // stop here, otherwise the file is still sent after the 404 header
                        }
                        // this checks to see if the user is logged in or not
                        if (empty($_SESSION['username'])) {
                            echo "You must be a member to download this file<br />";
                            include("test.html");
                            exit;
                        }
                        // the file name comes straight from the query string
                        $filename = $_GET['filename'];
                        header("Pragma: public");
                        header("Expires: 0");
                        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

                        header("Content-Type: application/force-download");
                        header("Content-Disposition: attachment; filename=".basename($filename));

                        header("Content-Description: File Transfer");
                        header('Accept-Ranges: bytes');
                        header('Content-Length: ' . filesize($filename));
                        @readfile($filename);
                        break;
                }
            }
            getdownload($_GET['type']);
            break;
    }
}
getaction($_GET['action']);
?>

Thanks again,
Tom

#Edit Why does the layout get all screwed up when I post it? This looks like a blind man coded it.



#6 slumbermann

slumbermann
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 01 October 2006 - 12:43 PM


How can I define the location of the file using this code? Because I can't see anything defining the location of the file.

For example, I want to put it in http://mydomain.com/.../files/file.zip

Thanks a lot.

#7 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 01 October 2006 - 11:39 PM

Wow, this is an old post that you brought to life. All you have to do is
change

$filename =  $_GET['filename'];

to

$filename = "/path/to/" . strip_tags($_GET['file']);

Or you could just pass something like the file id number and then do a sql query to get the rest of the data.

Another thing that I added at the end is:

$action = $_GET['action'];
$validActions = array('something', 'somethingElse');
if (!in_array($action, $validActions)) {
    echo "invalid action";
    exit; // do not go on to run an action that is not in the list
}
getaction($action);


Good Luck,
Tom




#8 slumbermann

slumbermann
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 02 October 2006 - 03:58 AM

Okay... I got the path to work on Firefox and Opera... but using the same code, I'm having trouble getting the file using Maxthon or IE.

This is the code I use.

<?php

switch($_GET['op']){

    case "free";

        if ($_SERVER['HTTP_REFERER'] !== "http://mydomain.com/?p=download&pg=free") {
            header("HTTP/1.1 404 Not Found");
        }

        $filename = "/var/www/vhosts/mydomain.com/httpdocs/storage/files/" . strip_tags($_GET['file']);

        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

        header("Content-Type: application/force-download");
        header("Content-Disposition: attachment; filename=".basename($filename));

        header("Content-Description: File Transfer");
        header('Accept-Ranges: bytes');
        header('Content-Length: ' . filesize($filename));
        @readfile($filename);

        echo $filename;
        break;
}
?>
This code is in download.php.

I use

http://mydomain.com/...e&file=file.zip as the link to get this function.

Thanks a lot up front.


P.S.: I hope I'm using this forum correctly by opening an old topic that relates to my problem.

#9 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 02 October 2006 - 04:15 AM

There are a couple things that I see wrong with this.

First
case "free";
should be
case "free":

Second.. Where is the action function.. I see that you are using the url like this. whatever.php?action=download&pg=free

Well, I see that you have not defined the pg function either.

Like I said, my way is not the only way but I prefer it like this.

function getaction($action) {
    switch($action) {
        case "download":
             function getpg($pg) {
                  switch($pg) {
                       case "free":
                          //do your downloading here
                       break;
                  }
              }
              getpg($_GET['pg']);
         break;
     }
}
getaction($_GET['action']);

Good Luck,
Tom
                   




#10 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 02 October 2006 - 04:23 AM

Also, If you are only going to have one type of download, then you do not need the switch statement.

The only reason that I have mine this way is that I have it in a process.php that does most of my processing. Like logins, logout, live chat support, etc.

Just do something like this.
// check the parameter itself; the concatenated path is never empty
if (empty($_GET['file'])) {
   echo "Something";
   exit;
}
$file = "path/to/" . strip_tags($_GET['file']);
//now you can place the header info here

Good Luck,
Tom



#11 slumbermann

slumbermann
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 02 October 2006 - 04:32 AM

Actually, about the pg thing: it was for HTTP_REFERER only, from where the file is requested, so the case is not included in download.php.

Like I said before, the code does work already. The only thing is, it works only in the Firefox and Opera browsers, but is not working in Internet Explorer.

I edited the case too, but the output seems to be still the same. I can download the file nicely using Firefox and Opera, but not IE.

Is it because of the header thing?

#12 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 02 October 2006 - 04:38 AM

No, the script that I first posted works fine in IE 6, FF and Opera.

I am not sure why it is not working for you. Do you get any errors?



#13 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 02 October 2006 - 04:40 AM

Maybe you should have a look at the link posted by AndyB. It will walk you through the download headers.



#14 slumbermann

slumbermann
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 02 October 2006 - 05:26 AM

Okay... I fixed the problem after reading some articles on the net. Here is the code I'm using:

switch($_GET['action']) {

    case "free":
        if ($_SERVER['HTTP_REFERER'] !== "http://mydomain.com/") {
            header("HTTP/1.1 404 Not Found");
            exit; // stop here, otherwise the file is still sent after the 404 header
        }
        $dir = "/var/www/vhosts/mydomain.com/httpdocs/storage/files/";
        // basename() drops any directory part, so "../" in the parameter cannot leave $dir
        $filename = $dir . basename($_GET['file']);

        // is_file() instead of file_exists(), so an empty name does not match the directory itself
        if (isset($_REQUEST['file']) && is_file($filename)) {

            header("HTTP/1.1 200 OK");
            header("Status: 200 OK");
            header('Pragma: private');
            header('Cache-control: private, must-revalidate');
            header('Content-type: application/force-download');
            header("Content-Disposition: attachment; filename=".basename($filename));
            header('Content-Length: ' . filesize($filename));
            header("Content-Description: File Transfer");
            readfile($filename);
        } else {
            echo 'No file with this name for download.';
        }
        break;

}


It was the IE bug after all... so at least this one works with my browser...

#15 iaow

iaow
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 30 April 2007 - 04:51 PM

I'm in a similar situation as the original poster. I've read his solution but do not know where to put the code he recommended.

For what it's worth, I have a website that only users have access to so they can download a zip file. However, if someone else knows the url of this zip file, this person can download the file without logging in.

Can someone suggest what to do?

Thanks,
Janet.



#16 slumbermann

slumbermann
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 01 May 2007 - 06:26 PM

Hi iaow,

I guess what you need to do is add code to check the session, meaning the URL will only function when the session is true.

What I would do is just add another function to process the session before they can process the URL...
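
For the situation described in #15 and the session check suggested in #16, combined with the file-id lookup mentioned in #7, a download.php can look like the following. This is an added example, not code from any poster in this thread; DOWNLOAD_DIR, the $catalog entries and the `id` parameter are assumptions, and the `username` session key follows post #5.

```php
<?php
// Added example, not code from the thread. DOWNLOAD_DIR, the $catalog ids
// and the 'username' session key are assumptions for illustration.
session_start();

// Keep the files outside the web root so that no URL maps to them directly.
const DOWNLOAD_DIR = '/var/www/private/files';

// The client sends only an id; the server decides which file that means.
$catalog = array(
    '1' => 'test.zip',
    '2' => 'manual.zip',
);

function deny($status, $message) {
    http_response_code($status);
    header('Content-Type: text/plain');
    echo $message;
    exit; // stop here, otherwise the script would go on to send the file
}

// Access control is the server-side session, not the Referer header,
// which is supplied by the client and can be set to anything.
if (empty($_SESSION['username'])) {
    deny(403, 'You must be logged in to download this file.');
}

$id = isset($_GET['id']) ? (string) $_GET['id'] : '';
if (!isset($catalog[$id])) {
    deny(404, 'No such download.');
}

// Defence in depth: resolve the path and confirm it is still inside
// DOWNLOAD_DIR (strip_tags() does not remove "../" sequences).
$base = realpath(DOWNLOAD_DIR);
$path = realpath(DOWNLOAD_DIR . '/' . $catalog[$id]);
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    deny(404, 'No such download.');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, must-revalidate');
readfile($path);
exit;
```

The browser then only ever sees download.php?id=1 and the file name from Content-Disposition, and a request without a logged-in session gets a 403 whatever URL or Referer it carries.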



