Page 1 of 1
how to download a file only from my website?
Posted: Tue Sep 25, 2007 6:20 am
by yoni ^_^
hello,
i have a link in my website to download some file.
i want that users that visiting my website could click on that link and download the file. altough, i want that in the case when someone copies the url of the file and post it in another website that users would cannot download the file from another website which is not my website.
does someone know how can i solve this problem?
thank you!
Posted: Tue Sep 25, 2007 6:39 am
by aceconcepts
You could check the referral HOST attempting to access your file
If it is not your host then do not accept request.
Posted: Tue Sep 25, 2007 7:02 am
by yoni ^_^
thanks!
can you please write me an example code?
Posted: Tue Sep 25, 2007 7:51 am
by lnt
Code: Select all
if ($_SERVER['HTTP_REFERER']=='' || strpos($_SERVER['HTTP_REFERER'],$_SERVER['SERVER_NAME'])==7)
{
//from your site
}
else
{
//from another site
}
or
Code: Select all
function checkDomain(){
$host=apache_request_headers();
$from=$host['Referer'];
if (!$from) return false;
$domain=explode("/",$from);
return($domain[2]==$_SERVER['HTTP_HOST']);
}
if (!checkDomain()) die("Error!");
Posted: Tue Sep 25, 2007 9:42 am
by feyd
~lnt, your first snippet assumes $_SERVER['HTTP_REFERER'] is always present. The second assumes the server is running Apache and that referral information was transmitted.
---
The referral header is optional, not required. Writing your code to require it may alienate many users. A poor user experience does far more damage than a positive user experience does good.
Simple Solution
Posted: Tue Sep 25, 2007 4:54 pm
by EricS
A simple solution is setting an arbitrary session variable when a user enters your site. Then check for that session variables existence before providing the file. You would of course need to make sure all entry points into your site set this session variable.