I am rather proficient in PHP; however, the problem I am currently trying to solve is something I have never been faced with before, and thus I am looking for the best possible solution for it before trying different things out and potentially failing horribly.
My friend requested my services in creating a website for his band, which will allow customers a one-time download of his band's album.
A lot of 'indie' recording labels have websites where you enter a huge code into a web form, and the file (usually a zip) will download to the customer's computer. I'm sure some (or most) of you have seen sites like this before.
Obviously there is a database full of codes and what album/file they correspond to, and the form updates the database and sends the download to the customer's browser.
I am trying to figure out what the best method of doing this would be: how would I keep the album files secure on the server to prevent unauthorized access to them, how should the database be structured, how should the download portion be handled, etc.
It’s a tricky situation, but if done properly can be valuable to many people.
[In advance, thanks for any help/suggestions/links/examples etc]
Secure file downloading
Re: Secure file downloading
As you said - assigning unique identifiers to be used and then invalidating it after usage is the way to go.
In order to protect your files from direct access, place them on a directory not accessible from an http request (physically, or by using mod_rewrite), and instead serve the script using PHP.
To do that you just need to output the correct headers (google for 'force download headers') and output the contents of the files using one of php's many file reading functions.
Something like:
// $file is the filename (including path) you want to serve
if (is_readable($file)) {
    // Headers that make the browser download the file instead of displaying it
    header("Content-type: application/force-download");
    header("Content-Transfer-Encoding: Binary");
    header("Content-length: " . filesize($file));
    header("Content-disposition: attachment; filename=\"" . basename($file) . "\"");
    // Stream the file contents to the client
    readfile($file);
}
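Added example (not part of the original posts): one way to structure the code table and invalidate a code after use, as the reply above describes. The table `download_codes`, the functions `open_db()`, `add_code()` and `redeem_code()`, the `STORAGE_DIR` path and the sample code value are all assumptions made for illustration, and the sketch assumes the `pdo_sqlite` extension so it can run offline.

```php
<?php
// Added example: one-time download codes with atomic redemption.
// All names below (download_codes, STORAGE_DIR, redeem_code, ...) are hypothetical.
const STORAGE_DIR = '/var/band_files'; // assumed directory outside the web root

function open_db(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory database so the example is self-contained
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Store only a hash of each code, so a leaked table does not leak usable codes.
    $db->exec('CREATE TABLE download_codes (
        code_hash   TEXT PRIMARY KEY,
        file_name   TEXT NOT NULL,
        redeemed_at TEXT NULL)');
    return $db;
}

function add_code(PDO $db, string $code, string $fileName): void {
    $db->prepare('INSERT INTO download_codes (code_hash, file_name) VALUES (?, ?)')
       ->execute([hash('sha256', $code), $fileName]);
}

// Returns the full path to serve, or null if the code is unknown or already used.
function redeem_code(PDO $db, string $code): ?string {
    $hash = hash('sha256', $code);
    // One conditional UPDATE marks the code as used; of two concurrent
    // requests with the same code, only one can change the row.
    $upd = $db->prepare("UPDATE download_codes SET redeemed_at = datetime('now')
                         WHERE code_hash = ? AND redeemed_at IS NULL");
    $upd->execute([$hash]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT file_name FROM download_codes WHERE code_hash = ?');
    $sel->execute([$hash]);
    // The file name comes from the database, never from the request;
    // basename() also drops any directory components.
    return STORAGE_DIR . '/' . basename($sel->fetchColumn());
}

$db = open_db();
add_code($db, 'CONSTRUCTED-SAMPLE-CODE-0001', 'album.zip'); // constructed sample data
var_dump(redeem_code($db, 'CONSTRUCTED-SAMPLE-CODE-0001')); // first use
var_dump(redeem_code($db, 'CONSTRUCTED-SAMPLE-CODE-0001')); // reuse of the same code
var_dump(redeem_code($db, 'not-a-real-code'));              // unknown code
```

The path returned by `redeem_code()` is what would be passed as `$file` to the header and `readfile()` snippet above; marking the code as used before streaming means an interrupted download consumes the code, so a site may prefer a small retry allowance instead of a strict single use.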
@ pytrin Re: Secure file downloading
Thanks for the help, I've never done this before but it looks straightforward, so I'll give it a try.
Re: Secure file downloading
"place them on a directory not accessible from an http request (physically, or by using mod_rewrite),"
Regarding that, can it be a folder on a website?
Like http://www.website.com/secure_folder/
and .htaccess just prohibits access to the folder, however the PHP script can access the folder?
I'm a little foggy on this.
I've seen some people are putting files off of the www root on their server, and that seems even more confusing. How would the paths look?
Re: Secure file downloading
We had a short discussion on it in this thread - viewtopic.php?f=34&t=91033
Re: Secure file downloading
Hey, thanks for all the help.
I gave it a try and everything is running smoothly, a lot easier than I thought.
Quick question:
would you say mod_rewrite is a better method, or using a folder that HTTP has no access to, like off of the www root?
Or would you say they are the same and it's just a matter of preference?