Download script and folders!

[Wright]

So, I'm using Uber Uploader script (It's known script, google uber upload, on sourceforge) which is great script to upload stuff.

But I'm also gonna need counter-part: the download script.

As mostly everyone should now, having direct link downloads is a bandwith killer. I was wondering how can I make/get a simple script in PHP that doesn't allow direct downloads, people need to go on page and that page then supplies with the download.

 

I have PHP 5 running with FastCGI, support for perl and running on Apache. (If you need to know more to help me please ask)

 

But I also got another problem. My host only allows me to access FTP on my webfolder, the one apache is running on. Great; I can still have files like php5.ini or .htaccess but it doesn't really gives me access to private non-web folders, where I kinda wanted to store the files my users upload.

 

Is there I way I can make a subdirectory under my root webfolder and make it non-accessible to the web, for each file? And that only scripts can access them so that people can download through the PHP script I mentioned above?

 

If you don't get what I'm trying to do here please tell me so. I will try to explain better.

 

Sincerely,

Wright

[simshaun]

To clarify something, it does not really matter if you provide a direct link or pipe a download through a PHP script.  The PHP script will use ~ the same amount of bandwidth as the direct download link.  One of the very few reasons to send files to a user through PHP is if you want to lock downloads down to certain users or if you want to track the number of downloads. If you are doing neither, you may not need to worry about it.

 

As to your other question, you can place an htaccess file in a directory that disables access from the web.  What I would do (if I could not access outside the webroot) is place files in a really obscure directory and store the filename and a unique id in the database.  Let users access download.php?file=1203 in order to download a file so they never have any idea where the file is actually coming from.  Its not 100% secure, but the chances of somebody guessing a folder name such as /files/04509843CXlldl is very slim.

[Wright]

But that means the path will always be the same?... Well what I had in mind was disabling direct downloads in any way (through pasting the link or using download manager) so people have to go download.php?id=xxxx. I can see what you mean but doesn't that allow a user that downloaded it before, just to paste the url on some forums and people just click to download? (Because i'm sure this community will have some popular files). So the downloads will still be public, but make them visit website to download them (even if this way seems to waste more bandwith, users can actually see comments and ratings about file before downloading). Is this possible?

 

And yeah, I would like to track number of downloads, because one of the purposes behind having a file-hosting website (sort by most popular etc).

 

[simshaun]

You could check for a session variable in download.php and redirect if it does not exist.  That would at least force the user to visit your website before downloading.

[Wright]

What if the user goes to example.cm/files/23912392/file.zip, how can I possibly display a 404 error there? I think we are both getting confused here haha.

[Wright]

Found script that will hopefully work. If anyone needs just PM.

[simshaun]

What if the user goes to example.cm/files/23912392/file.zip

That is where the htaccess file comes in.