hello,
i have a link in my website to download some file.
i want that users that visiting my website could click on that link and download the file. altough, i want that in the case when someone copies the url of the file and post it in another website that users would cannot download the file from another website which is not my website.
does someone know how can i solve this problem?
thank you!
how to download a file only from my website?
Moderator: General Moderators
- aceconcepts
- DevNet Resident
- Posts: 1424
- Joined: Mon Feb 06, 2006 11:26 am
- Location: London
You could check the referral HOST attempting to access your file
If it is not your host then do not accept request.
Code: Select all
$_SERVER['HTTP_REFERER'];Code: Select all
if ($_SERVER['HTTP_REFERER']=='' || strpos($_SERVER['HTTP_REFERER'],$_SERVER['SERVER_NAME'])==7)
{
//from your site
}
else
{
//from another site
}Code: Select all
function checkDomain(){
$host=apache_request_headers();
$from=$host['Referer'];
if (!$from) return false;
$domain=explode("/",$from);
return($domain[2]==$_SERVER['HTTP_HOST']);
}
if (!checkDomain()) die("Error!");- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
~lnt, your first snippet assumes $_SERVER['HTTP_REFERER'] is always present. The second assumes the server is running Apache and that referral information was transmitted.
---
The referral header is optional, not required. Writing your code to require it may alienate many users. A poor user experience does far more damage than a positive user experience does good.
---
The referral header is optional, not required. Writing your code to require it may alienate many users. A poor user experience does far more damage than a positive user experience does good.
Simple Solution
A simple solution is setting an arbitrary session variable when a user enters your site. Then check for that session variables existence before providing the file. You would of course need to make sure all entry points into your site set this session variable.