Special Anti Leech stuff...

Residue

I know when a user downloads it's possible to change the filename to what the file is on the server using:

Header( "Content-Disposition: blah blah");

But I was wondering if for maximum effect if it would be possible to do something similar (or even if it isn't similar) in order to change the url the file is being downloaded from like... in the internet explorer download prompt it would say "downloading "fake file name" from "fake file url".

Is there any way, anyway at all, to do this?

Residue

Oh and I already checked the php.net manual on headers, If it was there then I guess I just need a dumbed down explanation of it. Any help at all is greatly appreciated.

planetsim

I dont think its possible to have fake file name as well as url.

Weedpacket

Awfully difficult I'd've thought: the browser will be telling you the URL it's getting the file from and why would it have any reason to lie (and why would browser manufacturers add such a thing)?

The other question of course is why one would want to fake the URL.

planetsim

Sounds to me like he wants to not show where the file is located. But by doing this, in theory it would create a file if any, thats empty and pretty much a waste of time in doing so..

practically it just doesnt work. The browser is told what to do. If it cannot in your case find the file it will go to the 404 error.

Residue

Well the anti leech script protects the full url but you still get some info in the download prompt, and even with the anti leech script I had I'm still getting referals on the files from unkown sites directly to the files, I thought about password protecting and stuff but I figured it'd help a little if I could show as little information as possible.

Would it be possible to make the download url be the url of where the php script is and not where the file is? That way I could put the files on one subdomain, and the script on another.

If that's still not plausable, would it be possible to put a php file in a directory to monitor all the files in that and only allow certain urls as referers? I know how to do that through the script but somehow people are still getting the raw (and unprotected) urls of the files.

superwormy

You could have a form POST to a PHP script, then have teh PHP script readfile() or fopen(), print(), fclose() the contents of the file...

Store the files outside of the www/ or htdocs/ directory, so they can't access it without POSTing to a PHP form, which then sends them the filestream for that particular file.

Make sure you send the right Content-type header()'s too.

Weedpacket

Originally posted by superwormy
You could have a form POST to a PHP script, then have teh PHP script readfile() or fopen(), print(), fclose() the contents of the file....

This is what I would go with as well. There's no real need why URLs have to link directly to files at all: your server can do anything you want when it receives a URL - up to and including refusing to satisfy the request. It certainly doesn't have to find a file with the same name in the same path and send that back - that is just the very simplest application of URLs.

The thing is, there still is nothing to prevent people from just writing a POST request that mimics exactly what your form would send. But simple session-handling will take care of that. Start a session on the form page and make sure the session still exists in the file download page.

superwormy

Amen to Weedpacket the physcoantichrist