block direct links to downloads

Anon

Hi,

I have some downloads in my page but I don't want them to be downloadable if you put the exact address in the address bar in your browser or you put the address on your download manager. What I want is something like in the www.cdcovers.cc page. If you don't know this site i'll explain what I want and then you can check it out and see what I mean. In this page you can download covers for many music cds, games, dvs, etc... Supose you select a cover to download, then the selected cover is totaly displayed in the page (now you can right click and then save as), but if you right click over the image and get it's link from the image properties and the type the link in the address bar, you will not be able to download it. cdcovers.cc will redirect you to page where it says something about the error and one of them is that the script has protection where you can't direct link to the files, you must select what to download and then press the button.

That's what I want to my site. I have some files to download but I don't want that people who download the files get the links and then give them away or put them in their websites, I just want them accessible through my site.

I have no clue how to do this, that's why I need your help. Please tell me what I have to do and wich functions to use. If you know of an easy to understand script tell me where to get it but explain to me in anyway some things because I may not completly understand the script.
Someone told me that I had to get the IP from the person who's visiting the site and then check back with the IP of my site and see if match (or something like that), well, I didn't understand what he meant, that's why I need help and a really good help from the best.
That's why I posted this here in first place.

Thanks in advance, I hope you can help me.

Anon

Hey Waz Goin on Corey not really an expert but i got what your talking about set up on my site using cgi instead of php and it works great. you can download it from http://www.schlabo.com/info/index.shtml it also has step by step instructions on how to install and run.. hope it helps

           ~~!!£¥ÅM!!~~

Anon

ok jus noticed heading started out by stating the ip match thoery sorry all

metin

You could check the value of "HTTP_REFERER"
and depending on what is in there or not take some action!
Look at the following code:

<?php
// The page you want your visitors to come from
$my_referer_page = 'http://www.server.com/referer.php';

// The page you want your visitors to go to in case that they do not come from the above page!
$my_error_page = 'http://www.server.com/error.php';

if ($_SERVER["HTTP_REFERER"] != $my_referer)
{
header ("location: $my_error_page");
}
?>

Anon

that's exactly what I needed, it's imple and easy to use.
just a thing that i think you forgot:

if ($_SERVER["HTTP_REFERER"] != $my_referer) <-- shouldn't be: $my_referer_page ??

thanks

Anon

Yes, it should be!

Anon

One thing I've notice but I forgot to tell:

How does this script block the downloads if I put the exact link of a download in the address bar? If I put the link http://www.domain.com/downloads/file1.zip he will download cuz it's not a php script and he can't check the referer or am I wrong? The script you told me does: I create a page with downloads and if I go direct to the downloads page instead of entering the site through the referer (ie: http://www.domain.com) he wouldn't let download or wouldn't display the links (that would be up to me).

Please explain me if am I worng or right and if i'm right ho can I do what I want?
Thanks

metin

The code you got from will only check if
user comes from a specific place and
then do stuff depending on that!
And, the files you want to protect should be
outside of your http doc root!
You have to implement your self functions for
reading and serving the files to the visitors.
You can use "fread" to read the file into a buffer
and then output it to the visitor with the
appropriate headers.
Look at the following code(2 scripts) for a quick example!
You have to change the appropriate variable to reflect your needs!
These are as said quick and dirty examples that can be
developed further, but I leave this to you!

filename: getFile.php

<?php
// The page you want your visitors to come from
#$my_referer_page = 'http://www.server.com/files/getFile.php';

// The page you want your visitors to go to in case that they do not come from the above page!
// This can be the same as above page if you don't want to show any error message!
#$my_error_page = 'http://www.server.com/files/error.php';

// directory where the files are stored. This should be outside of your http doc root!
$files_dir = '/dir/to/my/files/';

$file_name = $GET["file_name"];
if ($SERVER["HTTP_REFERER"] != $my_referer_page)
{
header ("location: $my_error_page");
}
else if (empty($file_name))
{
echo "No file selected for download! ";
echo "Please go <A HREF=\"$my_referer_page\">back</A> and and select one! ";
}
else
{
$file_path = $files_dir.$file_name;
$fp = fopen ($file_path, "r");
$file_buffer = fread ($fp, filesize ($file_path));
fclose ($fp);

header("Content-type: application/octet-stream");   
header("Content-disposition: attachment; filename=$file_name");   
echo $file_buffer;   
}

filename: file_index.php

<?php
// directory where the files are stored. This should be outside of your http doc root!
$files_dir = 'C:/';

// name of the script that will handle the downloads
$downloadManager = 'getFile.php';

echo "Files available for download: \n";
$handle = opendir("$files_dir");
while (false !== ($file_name = readdir($handle))) {
if ($file_name != "." && $file_name != "..") {
echo "<A HREF=\"$downloadManager?file_name=$file_name\">$file_name</A> \n";
}
}
closedir($handle);
?>