hide url download path

[ecabrera]

I want people to download some of my files i have but i dont want them to know the path to all the files for example i have this right now

<a href='files/filename.php' download>Download</a>

files is where i store all my files i dont want that to show but it has to inorder for the file to get download is there any other way to do this

[MDCode]

Just set a get variable and if it's set then download using readfile()

[ecabrera]

SocialCould

 

What do you mean?

[Ninjakreborn]

Here is my recommendation. Create a standard file and name it something like... "download.php".

Then setup the download trigger from there. So basically for every file you want to download,  you could database some basic information.  Like... File name, file path, file Reference Number. Then on the download.php file you would access the file via the reference number only, which would in turn use PHP to trigger the file download.

 

For example, a file named: test.mp4. You could save it in the database as 'test.mp4', '/files/downloads/test.mp4', '1001'. Then on the download link it would be "download.php?reference_id=1001" then use PHP to find that specific file path/name, and then perform the download via PHP.

 

In regards to triggering the download, many tutorials can be found online for that: https://www.google.com/search?q=trigger+download+via+php&oq=trigger+download+via+php&aqs=chrome..69i57j0l2.4190j0j1&sourceid=chrome&espv=210&es_sm=122&ie=UTF-8

[ecabrera]

OK here is my code to understand more

<?php
	
	$get = $_GET['code'];

	if(!empty($get)){
	
	require "script/db.ini.php";
	
		$select = "SELECT * FROM files WHERE code='$get'";
		$return = mysqli_query($db,$select);
		
		$row = mysqli_fetch_assoc($return);

		$name = $row['name'];
		$code = $row['code'];
		$size = $row['size'];
		$date = $row['date'];
		
		if($get !== $code){
		
		header("Location: http://website.me");
		
		}else{
		
		echo "<a href='myfilepath/$name' download>Download</a>";

		}

	}else{
		header("Location: http://website.me");
	}

?>

As you can see i have to include my dir path to download the file but i dont what the users to see this how can i make it so the i will only show the file name

[ecabrera]

I cant seem to hide the path. Any experience programmers have any idea how to get around this. 

[mac_gyver]

if you don't want your files to be directly accessible (i.e. you would like to control who can access them, how many times they can be downloaded, throttle the speed, ...) you need to do two things -

 

1) place the files into a folder that cannot be directly accessed via any client/server protocol. you can either make a 'private' folder outside of your document root folder, which by definition/design won't serve up the files in it due to any external requests or you need to put a .htaccess file into a public folder containing the files to prevent direct external requests to the files.

 

2) dynamically output the files using a server-side script, i.e. php. at this point, this is a repeat of what Ninjakreborn has suggested.

 

the download link will be to your .php script that is performing step #2. that php script will enforce any requirements you need, such as only allowing logged in users to download specific files they have permission to access, then it will find the appropriate file based on the id it was passed in the url, then it will output the appropriate headers to cause the file to be downloaded, then it will finally read the file from the protected location and output it to the browser.

Edited November 26, 2013 by mac_gyver

[Barand]

Don't out put the link with the path, down load the selected file. The only link you expose is

<a href="download.php?code=1001">Download me</a>

and download.php would now look like

<?php

    $get = $_GET['code'];

    if(!empty($get)){
    
    require "script/db.ini.php";
    
        $select = "SELECT * FROM files WHERE code='$get'";
        $return = mysqli_query($db,$select);
        
        $row = mysqli_fetch_assoc($return);

        $name = $row['name'];
        $code = $row['code'];
        $size = $row['size'];
        $date = $row['date'];
        
        if($get !== $code){
        
        header("Location: http://website.me");
        
        }else{
        
            //
            // download the file
            //
            header("Content-Type: application/octet-stream");
            header('Content-Disposition: attachment; filename="'.$name.'"');
            header("Content-Transfer-Encoding: binary");
            header('Pragma: no-cache');
            header('Expires: 0');
            readfile("myfilepath/$name");
        }

    }else{
        header("Location: http://website.me");
    }
?>

[dalecosp]

One more thing to remember:  the "output" script must send a valid MIME type.

Here's a snippet from something in use here:

 

$file=$path."somename.pdf";header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the pastheader("Content-type: application/pdf");readfile($file);

Since you appear to be reading file info from your database, your database should probably also contain a MIME type (or marker for MIME type) unless the files are all the same type (text, pdf, whatever)...

 

[edit]I see Barand has just now addressed this in his example.[/edit]

Edited November 26, 2013 by dalecosp

[ecabrera]

Barand

 

How would i display this

<a href="download.php?code=1001">Download me</a>

so people can click the download link instead of downloading it automatic. Im using .htaccess to change the download.php?code=1001 so it would look like this mywebsite.me/orfo4 i dont know if this changes everything