A PHP Script to Let Users Download a File from My Website Without Revealing the Actual File Link in My Website

A PHP script to let users download a file from my website without revealing the actual file link in my website?

Find a way to identify the file to download (for instance, a GET variable that matches the ID of a row in a database, or something along these lines). Make damn sure it's a valid one, because you don't want your users to be able to download anything off your site. Then, use header with Content-Disposition to tell the browser the file should be downloaded, and readfile to output it.

For instance:

<?php

$id = intval($_GET['id']);
$query = mysql_query('SELECT file_path FROM files WHERE id = ' . $id);
if (($row = mysql_fetch_row($query)) !== false)
{
    header('Content-Disposition: attachment; filename=' . basename($row[0]));
    readfile($row[0]);
}
exit;

?>

PHP: Let user download purchased file ONLY

When they make the payment, store the ID of the download available to them, and a random hash - both in the payment table. Use that hash to then get the ID. The hash should then never relate to a specific product, but instead to a payment.

php script to download files from a remote URL to the user's computer directly

You could achieve this by using the following PHP:

$file_name = $_GET['filename'];
$file_url = 'http://path_to_audio_folder.com/' . $file_name;
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary"); 
header("Content-disposition: attachment; filename=\"".$file_name."\""); 
readfile($file_url);
exit;

You could then call it from your script like: download.php?filename=my_song.mp3 and it would be forced as a download to your visitor clicking on it.

Secure file download in PHP, deny user without permission

from readfile php doc

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}

A PHP script to let users download a file from my website without revealing the actual file link in my website?

Find a way to identify the file to download (for instance, a GET variable that matches the ID of a row in a database, or something along these lines). Make damn sure it's a valid one, because you don't want your users to be able to download anything off your site. Then, use header with Content-Disposition to tell the browser the file should be downloaded, and readfile to output it.

For instance:

<?php

$id = intval($_GET['id']);
$query = mysql_query('SELECT file_path FROM files WHERE id = ' . $id);
if (($row = mysql_fetch_row($query)) !== false)
{
    header('Content-Disposition: attachment; filename=' . basename($row[0]));
    readfile($row[0]);
}
exit;

?>

create hidden path to a file

You can call a php file to download the image and not the real image/path.

Like this you can call the real path inside your php file with something like:

$path = "/public_html/yourPath/";

if (! isset($_GET['img'])) {
    die("Invalid URL");
}

$imageName = filter_var($_GET['img'], FILTER_SANITIZE_STRING);
$finalPath = $path.$imageName;

header('Content-type: octet/stream');
header('Content-Type: image/jpg');
header("Content-Disposition: attachment; filename=$finalPath;");
readfile($finalPath);

You can read more about it here.

Download file using php script, one at time

Moving the comment down here for anyone interested.

The function that I had to come up with was a unique download link after a payment had been processed. These are the steps that were taken.

• Process the Payment and capture IP address, file and path of the downloadable file - save this information to the database.
• Once payment has been deducted successfully, trigger a function that generates a unique token, e.g: sha1(microtime().$transactionid), and save this to the database (note: please don't use microtime() in production, use a random string generator).

• Using .htaccess we generated a download link, e.g.: http://domain.com/download/<token> the .htaccess contents:

  RewriteRule ^download/([a-z0-9-]) /download.php?token=$1
  

• Optional: If their IP matches what we have in the database, go ahead and allow the user to download the file. If it doesn't, we ask the user to log in so we can update their IP address and begin downloading.
• Once you have the token, you can pretty much do any form of validation you would like from here, such as preventing multiple downloads by adding a column in the database download_downloaded INT(1) DEFAULT 0 where if it is set to 1, then it has been downloaded. I would suggest giving the user about a day before locking them out after downloading, just in case their file was corrupt in the process.
• Any other additional items, such as download counter etc.
• Finally use your code above after to start the download. I would have it structured a little differently though.

download.php

$token = $_GET['token'];
$allow_download = FALSE; // Can never be too careful..

...
//Database lookup to get the file ID
...

$file = "c:/test.avi"; // now from the database call
$title = "Test Video";

// Do any additional validation here
// returns TRUE or FALSE (Boolean) -- Custom function to query the database
$allow_download = check_if_downloadable('user_id', 'file_id', 'token_id');
record_download('user id', 'file id');

// After validation is complete, allow them to download
if ($allow_download === TRUE){
    header("Pragma: public");
...

If a user lost their download link (as it has happened many times), we show their download link on their member home page once they have logged in, and they can start downloading again (if you allow it).

I hope this helps. I'm sorry that I can't give out some code examples at this time.

Most of this is just querying the database.

---

Related Topics