Page 1 of 1

Make A DownLoad Page ... Help???

Posted: Fri Nov 13, 2009 8:51 pm
by trazan
hi every body
sorry cuz my english is not perfect
i try to make a download page
1- i uploaded a file by th FTP
2- i enterd the place ( path ) of the file in a table on the data base
now i want to make a download page but pervent users from knowing the url of the file
like rapidshre.com i can't copy the Direct Download link and share it with other people
i use this code

Code: Select all

<?
    $filename = '55.zip';
        $data = file_get_contents('55.zip') ;
        if($data)
        {
            $_SESSION['downloadfile'] = $filename;
                header("Content-Disposition: attachment; filename=$filename");
                echo $data;
        }
?>
But If Some One Clicked On The DownLoad Right Click ( On FireFox ) And Choise Copy Download Link He Can Share The Direct Link With Others And he will put in his for example and every body will download it without enter my site
but in rapidshre or hotfile .... etc ihe can't do that
any one can help me????

[/b]

Re: Make A DownLoad Page ... Help???

Posted: Tue Nov 17, 2009 7:17 am
by iankent
At the top of the page start a session and check whether a specific key is set, e.g.

Code: Select all

session_start();
if(!isset($_SESSION['hello']) {
    // redirect user to another page or display something
    // once they've viewed whichever page you want, make sure to set $_SESSION['hello'], e.g.
    $_SESSION['hello'] = 1;
    header('Location: /index.php');
    exit();
}
// session variable 'hello' exists, so we're ok to download file
 
that way, if somebody copies the link and sends it to somebody else, the 'hello' session variable doesn't exist yet so the user is redirected to wherever you want. If somebody has visited the site before, or if they've been redirected to the other page, the 'hello' variable exists in $_SESSION and so it should be ok to give the file.

not fail safe, but should do the trick

Re: Make A DownLoad Page ... Help???

Posted: Tue Nov 17, 2009 8:25 am
by Weiry
Your other alternative to having to initiate a session, would be to use a $_POST value.

On rapidshare for example, you can go to the link. It will display some numbers/letters you need to enter.
Then you send that information to the download page.

Code: Select all

# Page1 - Input.php
print "Please type in the phrase you see: (captcha code)<br/>
<form action='download.php?id={$_GET['id']}' method='post'>"; // where $_GET['id'] is the id number of your download file.
// you could leave the ID as a GET value so that they can link to the FILE URL, but not the FILE LOCATION.
print "
<input type='text' size='7' name='captchaCode'/><br/>
<input type='submit' value='Download' name='dlAuth'/>
</form>";
 
# Page 2 - checkSubmit.php
function checkCaptcha($captchaCode,$fileID){
   if(CAPTCHA CODE && FILEID ARE CORRECT){
      // do the download
      return true
   }else{
      // return captcha error
      return false;
   }
}
 
# Page 3 - Download.php
require_once("checkSubmit.php");
if(checkCaptcha($_POST['captchaCode'],$_GET['id'])){
   //do the download
}else{
   // redirect
}
I won't go into how to go about how you could do your checks, but this is another solution. This solution may very well be harder to implement, but also provides a little more security over simple sessions. This would mean that if a person has visited the site before, they will still need to input the verification text on the input page.