Jump to content

question about hidding the location of a download.


tomfmason

Recommended Posts

I have some downloadable zip files and am wanting to hide the location. I tried a simple switch statment and it still displays the location of the file when downloading it.

here is what I have tried
[code] <?php
function getaction($action) {
    switch($action) {
        case "download":
$filename = $_GET['filename'];
header("Location: http://www.mysite.com/test/$filename");
        break;
    }
}
getaction($_GET['action']);      
?>[/code]

This realy does nothing. It brings up the requested file but you can still see the location in the bottom of the browser.

I am wanting to change the message from downloading from site : http://www.mysite.com/test/test.zip to something like downloading: test.zip. Is this possible?

Thanks,
Tom
Link to comment
Share on other sites

Could I use mode_rewrite to omit the directory that the zip is located in. For example it would say
[code]Downloading from site: http://www.mysite.com/test.zip[/code]

versus

[code]Downloading from site: http://www.mysite.com/test/test.zip[/code]

So if someone is trying to use a cgi script to bypass my .htacess file then they will get a file not found error.

Any suggestions would be great.
Tom
Link to comment
Share on other sites

hope this helps.

try it before knock it lol................


index.php
[code]
<html>
<title>download me</title>
<body>
<table align="center">
<td>
Please download our free 5 files!
<br><br>
<a href="download.php?cmd=download1">download file 1</a>
<br><br>
<a href="download.php?cmd=download2">download file 2</a>
<br><br>
<a href="download.php?cmd=download3">download file 3</a>
<br><br>
<a href="download.php?cmd=download4">download file 4</a>
<br><br>
<a href="download.php?cmd=download2">download file 5</a>
<td>
</table>
</html>
</body>
[/code]




download.php
[code]

<?php

if($_GET['cmd']=="download1"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}

if($_GET['cmd']=="download2"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}

if($_GET['cmd']=="download3"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}


if($_GET['cmd']=="download4"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}


if($_GET['cmd']=="download5"){

$file = test.txt;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

header("Content-Type: application/force-download");
header( "Content-Disposition: attachment; filename=".basename($file));

header( "Content-Description: File Transfer");
@readfile($file);

header("loacation: index.php");

}
[/code]
Link to comment
Share on other sites

Thanks guys here is a copy of the working code. I have yet to add the paid case but it works just fine.

[code]
<?php
session_start();
function getaction($action) {
     switch($action) {
           case "download":
    function getdownload($type) {
         switch($type) {
  case "free":
      /*This checks to see if the request for this file came from your site and if not it will through up a File not found error*/
      if ($_SERVER['HTTP_REFERER'] !== "http://yoursite.com/somepage.php") {
          header("HTTP/1.1 404 Not Found");
      }
      //this checks to see if the user is logged in or not
      if (!$_SESSION['username']) {
           echo "You must be a member to download this file<br />";
           include("test.html");
           exit;
      }
      $filename =  $_GET['filename'];
      header("Pragma: public");
                               header("Expires: 0");
                               header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

                               header("Content-Type: application/force-download");
                               header( "Content-Disposition: attachment; filename=".basename($filename));

                               header( "Content-Description: File Transfer");
                               header('Accept-Ranges: bytes');
     header('Content-Length: ' . filesize($filename));
    @readfile($filename);
             break;
         }
    }
    getdownload($_GET['type']);
           break;
     }
}
getaction($_GET['action']);    
?>[/code]

Thanks again,
Tom

[b]#Edit[/b] Why does the layout get all screwed up when I post it? This looks like a blind man coded it.
Link to comment
Share on other sites

  • 1 month later...
[quote author=tomfmason link=topic=104071.msg414974#msg414974 date=1155473882]
Thanks guys here is a copy of the working code. I have yet to add the paid case but it works just fine.

[code]
<?php
session_start();
function getaction($action) {
     switch($action) {
           case "download":
    function getdownload($type) {
         switch($type) {
  case "free":
      /*This checks to see if the request for this file came from your site and if not it will through up a File not found error*/
      if ($_SERVER['HTTP_REFERER'] !== "http://yoursite.com/somepage.php") {
          header("HTTP/1.1 404 Not Found");
      }
      //this checks to see if the user is logged in or not
      if (!$_SESSION['username']) {
           echo "You must be a member to download this file<br />";
           include("test.html");
           exit;
      }
      $filename =  $_GET['filename'];
      header("Pragma: public");
                               header("Expires: 0");
                               header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

                               header("Content-Type: application/force-download");
                               header( "Content-Disposition: attachment; filename=".basename($filename));

                               header( "Content-Description: File Transfer");
                               header('Accept-Ranges: bytes');
     header('Content-Length: ' . filesize($filename));
    @readfile($filename);
             break;
         }
    }
    getdownload($_GET['type']);
           break;
     }
}
getaction($_GET['action']);    
?>[/code]

Thanks again,
Tom

[b]#Edit[/b] Why does the layout get all screwed up when I post it? This looks like a blind man coded it.
[/quote]

how can I define the location of the file using this code? cause  i can't see anything defining the location of the file.

for example i want to put it in http://mydomain.com/storage/files/file.zip

thanks  a lot.
Link to comment
Share on other sites

Wow this is a old post that you brought to life.  All you have to do is
change

[code=php:0]
$filename =  $_GET['filename'];
[/code]

to

[code=php:0]
$filename = "/path/to/" . strip_tags($_Get['file']);
[/code]

Or you could just pass something like the file id number and then do a sql query to get the rest of the data.

Another thing that I added at the end is:

[code=php:0]
$action = $_GET['action'];
$validActions = array('something', 'somethingElse');
if (!in_array($action, $vaildActions) {
    echo "invalid action";
}
getaction($action);
[/code]


Good Luck,
Tom

Link to comment
Share on other sites

okay... i got the path to work on Firefox and Opera... but using the same code, i'm  having trouble to get the file using Maxthon or IE.

this is the code i use.

[code]
<?php

switch($_GET['op']){


case "free";

if ($_SERVER['HTTP_REFERER'] !== "http://mydomain.com/?p=download&pg=free") {
          header("HTTP/1.1 404 Not Found");
      }
 
$filename = "/var/www/vhosts/mydomain.com/httpdocs/storage/files/" . strip_tags($_GET['file']);

header("Pragma: public");
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

            header("Content-Type: application/force-download");
            header( "Content-Disposition: attachment; filename=".basename($filename));

            header( "Content-Description: File Transfer");
            header('Accept-Ranges: bytes');
    header('Content-Length: ' . filesize($filename));
    @readfile($filename);

echo $filename;
break;
}
?>
[/code]
this code is in download.php

i use

http://mydomain.com/download.php?op=free&file=file.zip as the link to get this function.

thanks a lot  up front..


p.s: I hope i'm using this forum correctly by opening old topic that reflect to my problem.
Link to comment
Share on other sites

There are a couple things that I see wrong with this.

First [code=php:0]case "free";[/code] should be [code=php:0]case "free":[/code]

Second.. Where is the action function.. I see that you are using the url like this. whatever.php?action=download&pg=free

Well I see that you have not defined the pg function ether.

Like I said, may way is not the only way but I perfer it like this.

[code=php:0]
function getaction($action) {
    switch($action) {
        case "download":
             function getpg($pg) {
                  switch($pg) {
                       case "free":
                          //do your downloading here
                       break;
                  }
              }
              getpg($_GET['pg']);
         break;
     }
}
getaction($_GET['action']);
[/code]

Good Luck,
Tom
                   

Link to comment
Share on other sites

Also, If you are only going to have one type of download, then you do not need the switch statement.

The only reason that I have mine this way is that I have it in a process.php that does most of my processing. Like logins, logout, live chat support, ext.

just do something like this.
[code=php:0]
$file = "path/to/" . strip_tags($_GET['file']);
if (!$file) {
  echo "Something";
}
//now you can place the header info here
[/code]

Good Luck,
Tom
Link to comment
Share on other sites

actually... about the pg thing... it was for HTTP_REFERER only... from where the file requested. so the case not included on download.php

like i said before... the  code do work already... only thing... it work only on Firefox and Opera browser only, but not working on Internet Explorer...

i edited the case too... but seems the output still the same. I can download the file nicely using Firefox and Opera.... but not IE...

is it because of the header thing?
Link to comment
Share on other sites

okay... i fixed the problem... after reading some articles in the net... here is the code i'm using

[code=php:0]
switch($_GET['action']) {
 
  case "free":
if ($_SERVER['HTTP_REFERER'] !== "http://mydomain.com/") {
      header("HTTP/1.1 404 Not Found");
  }
$dir="/var/www/vhosts/mydomain.com/httpdocs/storage/files/";
$filename = $dir.$_GET['file'];

if (isset($_REQUEST['file']) && file_exists($filename) ) {

header("HTTP/1.1 200 OK");
header("Status: 200 OK");
header('Pragma: private');
header('Cache-control: private, must-revalidate');
header('Content-type: application/force-download');
    header( "Content-Disposition: attachment; filename=".basename($filename));
header('Content-Length: ' . filesize($filename));
header( "Content-Description: File Transfer");
readfile($filename);
} else {
   echo 'No file with this name for download.';
}
break;
 
     }

[/code]

it was the IE bug after all... so at least this one work with my browser...
Link to comment
Share on other sites

  • 6 months later...
I'm in a similar situation as the orginal poster. I've read his solution but do not know where to put the code he recommened.

For what it's worth, I have a website that only users have access to so they can download a zip file. However, if someone else knows the url of this zip file, this person can download the file without logging in.

Can someone suggest me what to do?

Thanks,
Janet.

Link to comment
Share on other sites

hi iaow,

I guess, what you need to do, is to add up the code to check the session only, meaning, the url will be function only when the session true.

what i would do, is just to add up another function to process the session before they can process the url...
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.