Jump to content

Archived

This topic is now archived and is closed to further replies.

tomfmason

question about hidding the location of a download.

Recommended Posts

I have some downloadable zip files and am wanting to hide the location. I tried a simple switch statment and it still displays the location of the file when downloading it.

here is what I have tried
[code] <?php
function getaction($action) {
    switch($action) {
        case "download":
$filename = $_GET['filename'];
header("Location: http://www.mysite.com/test/$filename");
        break;
    }
}
getaction($_GET['action']);      
?>[/code]

This realy does nothing. It brings up the requested file but you can still see the location in the bottom of the browser.

I am wanting to change the message from downloading from site : http://www.mysite.com/test/test.zip to something like downloading: test.zip. Is this possible?

Thanks,
Tom

Share this post


Link to post
Share on other sites
Could I use mode_rewrite to omit the directory that the zip is located in. For example it would say
[code]Downloading from site: http://www.mysite.com/test.zip[/code]

versus

[code]Downloading from site: http://www.mysite.com/test/test.zip[/code]

So if someone is trying to use a cgi script to bypass my .htacess file then they will get a file not found error.

Any suggestions would be great.
Tom

Share this post


Link to post
Share on other sites
hope this helps.

try it before knock it lol................


index.php
[code]
<html>
<title>download me</title>
<body>
<table align="center">
<td>
Please download our free 5 files!
<br><br>
<a href="download.php?cmd=download1">download file 1</a>
<br><br>
<a href="download.php?cmd=download2">download file 2</a>
<br><br>
<a href="download.php?cmd=download3">download file 3</a>
<br><br>
<a href="download.php?cmd=download4">download file 4</a>
<br><br>
<a href="download.php?cmd=download2">download file 5</a>
<td>
</table>
</html>
</body>
[/code]




download.php
[code]

<?php

if($_GET['cmd']=="download1"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}

if($_GET['cmd']=="download2"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}

if($_GET['cmd']=="download3"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}


if($_GET['cmd']=="download4"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}


if($_GET['cmd']=="download5"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}
[/code]

Share this post


Link to post
Share on other sites
http://www.phpfreaks.com/forums/index.php/topic,95433.0.html

Share this post


Link to post
Share on other sites
Thanks guys here is a copy of the working code. I have yet to add the paid case but it works just fine.

[code]
<?php
session_start();
function getaction($action) {
     switch($action) {
           case "download":
    function getdownload($type) {
         switch($type) {
  case "free":
      /*This checks to see if the request for this file came from your site and if not it will through up a File not found error*/
      if ($_SERVER['HTTP_REFERER'] !== "http://yoursite.com/somepage.php") {
          header("HTTP/1.1 404 Not Found");
      }
      //this checks to see if the user is logged in or not
      if (!$_SESSION['username']) {
           echo "You must be a member to download this file<br />";
           include("test.html");
           exit;
      }
      $filename =  $_GET['filename'];
      header("Pragma: public");
                               header("Expires: 0");
                               header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

                               header("Content-Type: application/force-download");
                               header( "Content-Disposition: attachment; filename=".basename($filename));

                               header( "Content-Description: File Transfer");
                               header('Accept-Ranges: bytes');
     header('Content-Length: ' . filesize($filename));
    @readfile($filename);
             break;
         }
    }
    getdownload($_GET['type']);
           break;
     }
}
getaction($_GET['action']);    
?>[/code]

Thanks again,
Tom

[b]#Edit[/b] Why does the layout get all screwed up when I post it? This looks like a blind man coded it.

Share this post


Link to post
Share on other sites
[quote author=tomfmason link=topic=104071.msg414974#msg414974 date=1155473882]
Thanks guys here is a copy of the working code. I have yet to add the paid case but it works just fine.

[code]
<?php
session_start();
function getaction($action) {
     switch($action) {
           case "download":
    function getdownload($type) {
         switch($type) {
  case "free":
      /*This checks to see if the request for this file came from your site and if not it will through up a File not found error*/
      if ($_SERVER['HTTP_REFERER'] !== "http://yoursite.com/somepage.php") {
          header("HTTP/1.1 404 Not Found");
      }
      //this checks to see if the user is logged in or not
      if (!$_SESSION['username']) {
           echo "You must be a member to download this file<br />";
           include("test.html");
           exit;
      }
      $filename =  $_GET['filename'];
      header("Pragma: public");
                               header("Expires: 0");
                               header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

                               header("Content-Type: application/force-download");
                               header( "Content-Disposition: attachment; filename=".basename($filename));

                               header( "Content-Description: File Transfer");
                               header('Accept-Ranges: bytes');
     header('Content-Length: ' . filesize($filename));
    @readfile($filename);
             break;
         }
    }
    getdownload($_GET['type']);
           break;
     }
}
getaction($_GET['action']);    
?>[/code]

Thanks again,
Tom

[b]#Edit[/b] Why does the layout get all screwed up when I post it? This looks like a blind man coded it.
[/quote]

how can I define the location of the file using this code? cause  i can't see anything defining the location of the file.

for example i want to put it in http://mydomain.com/storage/files/file.zip

thanks  a lot.

Share this post


Link to post
Share on other sites
Wow this is a old post that you brought to life.  All you have to do is
change

[code=php:0]
$filename =  $_GET['filename'];
[/code]

to

[code=php:0]
$filename = "/path/to/" . strip_tags($_Get['file']);
[/code]

Or you could just pass something like the file id number and then do a sql query to get the rest of the data.

Another thing that I added at the end is:

[code=php:0]
$action = $_GET['action'];
$validActions = array('something', 'somethingElse');
if (!in_array($action, $vaildActions) {
    echo "invalid action";
}
getaction($action);
[/code]


Good Luck,
Tom

Share this post


Link to post
Share on other sites
okay... i got the path to work on Firefox and Opera... but using the same code, i'm  having trouble to get the file using Maxthon or IE.

this is the code i use.

[code]
<?php

switch($_GET['op']){


case "free";

if ($_SERVER['HTTP_REFERER'] !== "http://mydomain.com/?p=download&pg=free") {
          header("HTTP/1.1 404 Not Found");
      }
 
$filename = "/var/www/vhosts/mydomain.com/httpdocs/storage/files/" . strip_tags($_GET['file']);

header("Pragma: public");
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

            header("Content-Type: application/force-download");
            header( "Content-Disposition: attachment; filename=".basename($filename));

            header( "Content-Description: File Transfer");
            header('Accept-Ranges: bytes');
    header('Content-Length: ' . filesize($filename));
    @readfile($filename);

echo $filename;
break;
}
?>
[/code]
this code is in download.php

i use

http://mydomain.com/download.php?op=free&file=file.zip as the link to get this function.

thanks a lot  up front..


p.s: I hope i'm using this forum correctly by opening old topic that reflect to my problem.

Share this post


Link to post
Share on other sites
There are a couple things that I see wrong with this.

First [code=php:0]case "free";[/code] should be [code=php:0]case "free":[/code]

Second.. Where is the action function.. I see that you are using the url like this. whatever.php?action=download&pg=free

Well I see that you have not defined the pg function ether.

Like I said, may way is not the only way but I perfer it like this.

[code=php:0]
function getaction($action) {
    switch($action) {
        case "download":
             function getpg($pg) {
                  switch($pg) {
                       case "free":
                          //do your downloading here
                       break;
                  }
              }
              getpg($_GET['pg']);
         break;
     }
}
getaction($_GET['action']);
[/code]

Good Luck,
Tom
                   

Share this post


Link to post
Share on other sites
Also, If you are only going to have one type of download, then you do not need the switch statement.

The only reason that I have mine this way is that I have it in a process.php that does most of my processing. Like logins, logout, live chat support, ext.

just do something like this.
[code=php:0]
$file = "path/to/" . strip_tags($_GET['file']);
if (!$file) {
  echo "Something";
}
//now you can place the header info here
[/code]

Good Luck,
Tom

Share this post


Link to post
Share on other sites
actually... about the pg thing... it was for HTTP_REFERER only... from where the file requested. so the case not included on download.php

like i said before... the  code do work already... only thing... it work only on Firefox and Opera browser only, but not working on Internet Explorer...

i edited the case too... but seems the output still the same. I can download the file nicely using Firefox and Opera.... but not IE...

is it because of the header thing?

Share this post


Link to post
Share on other sites
No, the script that I first posted works fine in IE 6, FF and Opera.

I am not sure why it is not working for you. do you get any errors?

Share this post


Link to post
Share on other sites
Maybe you should have a look at the link posted by AndyB It will walk you through the download headers.

Share this post


Link to post
Share on other sites
okay... i fixed the problem... after reading some articles in the net... here is the code i'm using

[code=php:0]
switch($_GET['action']) {
 
  case "free":
if ($_SERVER['HTTP_REFERER'] !== "http://mydomain.com/") {
      header("HTTP/1.1 404 Not Found");
  }
$dir="/var/www/vhosts/mydomain.com/httpdocs/storage/files/";
$filename = $dir.$_GET['file'];

if (isset($_REQUEST['file']) && file_exists($filename) ) {

header("HTTP/1.1 200 OK");
header("Status: 200 OK");
header('Pragma: private');
header('Cache-control: private, must-revalidate');
header('Content-type: application/force-download');
    header( "Content-Disposition: attachment; filename=".basename($filename));
header('Content-Length: ' . filesize($filename));
header( "Content-Description: File Transfer");
readfile($filename);
} else {
   echo 'No file with this name for download.';
}
break;
 
     }

[/code]

it was the IE bug after all... so at least this one work with my browser...

Share this post


Link to post
Share on other sites
I'm in a similar situation as the orginal poster. I've read his solution but do not know where to put the code he recommened.

For what it's worth, I have a website that only users have access to so they can download a zip file. However, if someone else knows the url of this zip file, this person can download the file without logging in.

Can someone suggest me what to do?

Thanks,
Janet.

Share this post


Link to post
Share on other sites
hi iaow,

I guess, what you need to do, is to add up the code to check the session only, meaning, the url will be function only when the session true.

what i would do, is just to add up another function to process the session before they can process the url...

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.