ecabrera Posted November 26, 2013 Share Posted November 26, 2013 I want people to download some of my files i have but i dont want them to know the path to all the files for example i have this right now <a href='files/filename.php' download>Download</a> files is where i store all my files i dont want that to show but it has to inorder for the file to get download is there any other way to do this Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/ Share on other sites More sharing options...
MDCode Posted November 26, 2013 Share Posted November 26, 2013 Just set a get variable and if it's set then download using readfile() Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460088 Share on other sites More sharing options...
ecabrera Posted November 26, 2013 Author Share Posted November 26, 2013 SocialCould What do you mean? Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460089 Share on other sites More sharing options...
Ninjakreborn Posted November 26, 2013 Share Posted November 26, 2013 Here is my recommendation. Create a standard file and name it something like... "download.php". Then setup the download trigger from there. So basically for every file you want to download, you could database some basic information. Like... File name, file path, file Reference Number. Then on the download.php file you would access the file via the reference number only, which would in turn use PHP to trigger the file download. For example, a file named: test.mp4. You could save it in the database as 'test.mp4', '/files/downloads/test.mp4', '1001'. Then on the download link it would be "download.php?reference_id=1001" then use PHP to find that specific file path/name, and then perform the download via PHP. In regards to triggering the download, many tutorials can be found online for that: https://www.google.com/search?q=trigger+download+via+php&oq=trigger+download+via+php&aqs=chrome..69i57j0l2.4190j0j1&sourceid=chrome&espv=210&es_sm=122&ie=UTF-8 Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460093 Share on other sites More sharing options...
ecabrera Posted November 26, 2013 Author Share Posted November 26, 2013 OK here is my code to understand more <?php $get = $_GET['code']; if(!empty($get)){ require "script/db.ini.php"; $select = "SELECT * FROM files WHERE code='$get'"; $return = mysqli_query($db,$select); $row = mysqli_fetch_assoc($return); $name = $row['name']; $code = $row['code']; $size = $row['size']; $date = $row['date']; if($get !== $code){ header("Location: http://website.me"); }else{ echo "<a href='myfilepath/$name' download>Download</a>"; } }else{ header("Location: http://website.me"); } ?> As you can see i have to include my dir path to download the file but i dont what the users to see this how can i make it so the i will only show the file name Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460095 Share on other sites More sharing options...
ecabrera Posted November 26, 2013 Author Share Posted November 26, 2013 I cant seem to hide the path. Any experience programmers have any idea how to get around this. Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460212 Share on other sites More sharing options...
mac_gyver Posted November 26, 2013 Share Posted November 26, 2013 (edited) if you don't want your files to be directly accessible (i.e. you would like to control who can access them, how many times they can be downloaded, throttle the speed, ...) you need to do two things - 1) place the files into a folder that cannot be directly accessed via any client/server protocol. you can either make a 'private' folder outside of your document root folder, which by definition/design won't serve up the files in it due to any external requests or you need to put a .htaccess file into a public folder containing the files to prevent direct external requests to the files. 2) dynamically output the files using a server-side script, i.e. php. at this point, this is a repeat of what Ninjakreborn has suggested. the download link will be to your .php script that is performing step #2. that php script will enforce any requirements you need, such as only allowing logged in users to download specific files they have permission to access, then it will find the appropriate file based on the id it was passed in the url, then it will output the appropriate headers to cause the file to be downloaded, then it will finally read the file from the protected location and output it to the browser. Edited November 26, 2013 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460216 Share on other sites More sharing options...
Barand Posted November 26, 2013 Share Posted November 26, 2013 Don't out put the link with the path, down load the selected file. The only link you expose is <a href="download.php?code=1001">Download me</a> and download.php would now look like <?php $get = $_GET['code']; if(!empty($get)){ require "script/db.ini.php"; $select = "SELECT * FROM files WHERE code='$get'"; $return = mysqli_query($db,$select); $row = mysqli_fetch_assoc($return); $name = $row['name']; $code = $row['code']; $size = $row['size']; $date = $row['date']; if($get !== $code){ header("Location: http://website.me"); }else{ // // download the file // header("Content-Type: application/octet-stream"); header('Content-Disposition: attachment; filename="'.$name.'"'); header("Content-Transfer-Encoding: binary"); header('Pragma: no-cache'); header('Expires: 0'); readfile("myfilepath/$name"); } }else{ header("Location: http://website.me"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460220 Share on other sites More sharing options...
dalecosp Posted November 26, 2013 Share Posted November 26, 2013 (edited) One more thing to remember: the "output" script must send a valid MIME type.Here's a snippet from something in use here: $file=$path."somename.pdf";header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the pastheader("Content-type: application/pdf");readfile($file); Since you appear to be reading file info from your database, your database should probably also contain a MIME type (or marker for MIME type) unless the files are all the same type (text, pdf, whatever)... [edit]I see Barand has just now addressed this in his example.[/edit] Edited November 26, 2013 by dalecosp Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460221 Share on other sites More sharing options...
ecabrera Posted November 26, 2013 Author Share Posted November 26, 2013 Barand How would i display this <a href="download.php?code=1001">Download me</a> so people can click the download link instead of downloading it automatic. Im using .htaccess to change the download.php?code=1001 so it would look like this mywebsite.me/orfo4 i dont know if this changes everything Quote Link to comment https://forums.phpfreaks.com/topic/284272-hide-url-download-path/#findComment-1460229 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.