Jump to content

Recommended Posts

I want people to download some of my files i have but i dont want them to know the path to all the files for example i have this right now

<a href='files/filename.php' download>Download</a>

files is where i store all my files i dont want that to show but it has to inorder for the file to get download is there any other way to do this

Link to comment
https://forums.phpfreaks.com/topic/284272-hide-url-download-path/
Share on other sites

Here is my recommendation. Create a standard file and name it something like... "download.php".

Then setup the download trigger from there. So basically for every file you want to download,  you could database some basic information.  Like... File name, file path, file Reference Number. Then on the download.php file you would access the file via the reference number only, which would in turn use PHP to trigger the file download.

 

For example, a file named: test.mp4. You could save it in the database as 'test.mp4', '/files/downloads/test.mp4', '1001'. Then on the download link it would be "download.php?reference_id=1001" then use PHP to find that specific file path/name, and then perform the download via PHP.

 

In regards to triggering the download, many tutorials can be found online for that: https://www.google.com/search?q=trigger+download+via+php&oq=trigger+download+via+php&aqs=chrome..69i57j0l2.4190j0j1&sourceid=chrome&espv=210&es_sm=122&ie=UTF-8

OK here is my code to understand more

<?php
	
	$get = $_GET['code'];

	if(!empty($get)){
	
	require "script/db.ini.php";
	
		$select = "SELECT * FROM files WHERE code='$get'";
		$return = mysqli_query($db,$select);
		
		$row = mysqli_fetch_assoc($return);

		$name = $row['name'];
		$code = $row['code'];
		$size = $row['size'];
		$date = $row['date'];
		
		if($get !== $code){
		
		header("Location: http://website.me");
		
		}else{
		
		echo "<a href='myfilepath/$name' download>Download</a>";

		}

	}else{
		header("Location: http://website.me");
	}

?>

As you can see i have to include my dir path to download the file but i dont what the users to see this how can i make it so the i will only show the file name

if you don't want your files to be directly accessible (i.e. you would like to control who can access them, how many times they can be downloaded, throttle the speed, ...) you need to do two things -

 

1) place the files into a folder that cannot be directly accessed via any client/server protocol. you can either make a 'private' folder outside of your document root folder, which by definition/design won't serve up the files in it due to any external requests or you need to put a .htaccess file into a public folder containing the files to prevent direct external requests to the files.

 

2) dynamically output the files using a server-side script, i.e. php. at this point, this is a repeat of what Ninjakreborn has suggested.

 

the download link will be to your .php script that is performing step #2. that php script will enforce any requirements you need, such as only allowing logged in users to download specific files they have permission to access, then it will find the appropriate file based on the id it was passed in the url, then it will output the appropriate headers to cause the file to be downloaded, then it will finally read the file from the protected location and output it to the browser.

Edited by mac_gyver

Don't out put the link with the path, down load the selected file. The only link you expose is

<a href="download.php?code=1001">Download me</a>

and download.php would now look like

<?php

    $get = $_GET['code'];

    if(!empty($get)){
    
    require "script/db.ini.php";
    
        $select = "SELECT * FROM files WHERE code='$get'";
        $return = mysqli_query($db,$select);
        
        $row = mysqli_fetch_assoc($return);

        $name = $row['name'];
        $code = $row['code'];
        $size = $row['size'];
        $date = $row['date'];
        
        if($get !== $code){
        
        header("Location: http://website.me");
        
        }else{
        
            //
            // download the file
            //
            header("Content-Type: application/octet-stream");
            header('Content-Disposition: attachment; filename="'.$name.'"');
            header("Content-Transfer-Encoding: binary");
            header('Pragma: no-cache');
            header('Expires: 0');
            readfile("myfilepath/$name");
        }

    }else{
        header("Location: http://website.me");
    }
?>

One more thing to remember:  the "output" script must send a valid MIME type.

Here's a snippet from something in use here:

 

$file=$path."somename.pdf";header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the pastheader("Content-type: application/pdf");readfile($file);



Since you appear to be reading file info from your database, your database should probably also contain a MIME type (or marker for MIME type) unless the files are all the same type (text, pdf, whatever)...

 
[edit]I see Barand has just now addressed this in his example.[/edit]
Edited by dalecosp
Barand

 

How would i display this

<a href="download.php?code=1001">Download me</a>

so people can click the download link instead of downloading it automatic. Im using .htaccess to change the download.php?code=1001 so it would look like this mywebsite.me/orfo4 i dont know if this changes everything

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.