zeta1600 Posted August 24, 2013 Share Posted August 24, 2013 I'm not a programmer... I hope you can help. I have a downloadable file (e.g. pdf, jpg, mp3) I currently have direct links to the files ie: <a href="mysite.com/files/sample.pdf">file</a> What I want to do is not allow the users to be able to grab that link and pass it around. So, I want the link to be one-time urls. I found this code, but I have no idea what I'm supposed to do with it. I think I am supposed to save this as a something.php file. Then, what? And, is there any thing in this code I change to reflect my need? Like where is $file coming from? <?php $downloadable = "something random here"; $path = md5($downloadable . $_SESSION['something'] . $_SERVER['REMOTE_ADDR']); echo "http://download.server.com/" . $path . "/" . $file; ?> Quote Link to comment Share on other sites More sharing options...
requinix Posted August 24, 2013 Share Posted August 24, 2013 That's only a part of what you would need, and even then I think what it's getting at isn't a good idea. Move the files someplace not web accessible, then make a PHP script which (1) validates that the user is allowed to download the file (which is given in the URL, like the query string) and (2) dumps out the contents of that file if so. The "dumps out the contents" part looks like // assuming you have $file = the path to the file to download header("Content-Type: application/pdf"); // for PDF files, something else for other files header("Content-Length: " . filesize($file)); header("Content-Disposition: attachment; filename=" . basename($file)); readfile($file); exit;As for the "something else", it varies based on the type of file: PDFs = application/pdf MP3s = audio/mp3 JPGs = image/jpeg For images in general you can use getimagesize() and the "mime" it returns. // grab the file $extension if (in_array($extension, array("jpg", "jpeg", "gif", "png"))) { $info = getimagesize($file); $type = $info["mime"]; } else if ($extension == "pdf") { $type = "application/pdf"; } // etcThat all will take care of the sharing problem because only people logged in and able to get the file can get it. You don't need one-time URLs. If you really do want one-time URLs (IMO not worth the effort) then you'd also 1. Create a database table that tracks random IDs, the files they're associated with, and whether it's been used or not 2. Insert records when you present a download link 3. Your download script takes one of those random IDs instead of the file, looks up the relevant information, decides whether to allow the download or not, and continues appropriately Optionally include an expiration time on those random IDs. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.