Jump to content

Recommended Posts

I'm not a programmer... I hope you can help.

 

I have a downloadable file (e.g. pdf, jpg, mp3) I currently have direct links to the files ie:

<a href="mysite.com/files/sample.pdf">file</a>

What I want to do is not allow the users to be able to grab that link and pass it around. So, I want the link to be one-time urls.

 

I found this code, but I have no idea what I'm supposed to do with it. I think I am supposed to save this as a something.php file. Then, what? And, is there any thing in this code I change to reflect my need? Like where is $file coming from?

<?php
$downloadable = "something random here";
$path = md5($downloadable . $_SESSION['something'] . $_SERVER['REMOTE_ADDR']);

echo "http://download.server.com/" . $path . "/" . $file;
?>
Link to comment
https://forums.phpfreaks.com/topic/281504-generate-random-file-url-links/
Share on other sites

That's only a part of what you would need, and even then I think what it's getting at isn't a good idea.

 

Move the files someplace not web accessible, then make a PHP script which (1) validates that the user is allowed to download the file (which is given in the URL, like the query string) and (2) dumps out the contents of that file if so.

The "dumps out the contents" part looks like

// assuming you have $file = the path to the file to download

header("Content-Type: application/pdf"); // for PDF files, something else for other files
header("Content-Length: " . filesize($file));
header("Content-Disposition: attachment; filename=" . basename($file));
readfile($file);
exit;
As for the "something else", it varies based on the type of file:
  • PDFs = application/pdf
  • MP3s = audio/mp3
  • JPGs = image/jpeg
For images in general you can use getimagesize() and the "mime" it returns.

// grab the file $extension
if (in_array($extension, array("jpg", "jpeg", "gif", "png"))) {
	$info = getimagesize($file);
	$type = $info["mime"];
} else if ($extension == "pdf") {
	$type = "application/pdf";
} // etc
That all will take care of the sharing problem because only people logged in and able to get the file can get it. You don't need one-time URLs.

 

If you really do want one-time URLs (IMO not worth the effort) then you'd also

1. Create a database table that tracks random IDs, the files they're associated with, and whether it's been used or not

2. Insert records when you present a download link

3. Your download script takes one of those random IDs instead of the file, looks up the relevant information, decides whether to allow the download or not, and continues appropriately

Optionally include an expiration time on those random IDs.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.