[SOLVED] Hiding URL on Windows IIS using PHP

[ali_kiyani]

Hello,

I am developing a small application in PHP on Windows IIS. Using this application users can upload a file and then send the URL to another user so he/she can download the file.
I want to know as to how can I hide the URL of uploaded file from users!? Further more how can I make sure that they can't access the file directly!
One more thing is I want JPEG, TXT and other files which can be opened directly in a browser to be downloaded just like ZIP, EXE and other files when some user clicks on the URL.

These are the techniques used by all email provides like Hotmail, Yahoo and Google where you cannot see the URL of attached file and when you click on it, it downloads the file irrespective of its extension. Similarly you cannot directly access the file by typing it in browser.

Thanks

Ali

[Jenk]

When you move the file, move it to a directory outside of (and above) the document root. Use a script to fetch and serve the files, instead of serving them directly.

[ali_kiyani]

Yes this is a very good solution.
I did this and it worked...it solved the problem of hiding the URL and direct access of file
To force file download I used Content-Disposition: attachment and every thing is in order now.


Here is the sample code for others.

[code]<?
    if(isset($HTTP_GET_VARS['file']))
    {
        $myfile = $HTTP_GET_VARS['file'];
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename='. $myfile);
        readfile("../../". $myfile); //you need to change this code according to your directory structure
    }
?>

<a href="testdownload.php?file=php_icon.gif">Click</a>

<!--
In the above line replace php_icon.gif filename with PHP variable containing file name.
-->[/code]