download once

kante

i have to builduop a php app, that performs the following stuff

1 i have a number of usere who can access the pages with user name and password, and can access this restricted area only once. (and this is ok with me no problem)

2 in this section area they should be able to dwonload a file.zip

now the problem comes.. ok they can access the page only once but they could save the Location link to the zip on my webserver and download it as many times they like...

is there a way to produce a dynamic link.... or give the file directly to the client via php performing some checks?

any idea?

thanks

Weedpacket

kante wrote:
is there a way to produce a dynamic link.... or give the file directly to the client via php performing some checks?

Yes.

any idea?

[man]header[/man]

thanks

You're welcome; of course, if my download breaks halfway through for some reason I'll be pretty annoyed. Either that or I'll just get a copy from my buddy who did manage to download it.

bradgrafelman

Of course, using header() they could still see the absolute path on your server.

If you truly want to restrict this file, put it in a directory with a .htaccess file like so:

Order allow,deny
Deny from all

Then, link to a PHP script that checks if they are allowed to download the file. If so, output the file using [man]readfile/man (or, for less memory consumption, fopen() and fread()) after outputting the appropriate headers (e.g. Content-Disposition).

kante

Weedpacket wrote:
Yes.

[man]header[/man]
.

<?php

function dl_file($file){

//First, see if the file exists
if (!is_file($file)) { die("<b>404 File not found!</b>"); }

//Gather relevent info about file
$len = filesize($file);
$filename = basename($file);
$file_extension = strtolower(substr(strrchr($filename,"."),1));

//This will set the Content-Type to the appropriate setting for the file
switch( $file_extension ) {
      case "pdf": $ctype="application/pdf"; break;
  case "exe": $ctype="application/octet-stream"; break;
  case "zip": $ctype="application/zip"; break;
  case "doc": $ctype="application/msword"; break;
  case "xls": $ctype="application/vnd.ms-excel"; break;
  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
  case "gif": $ctype="image/gif"; break;
  case "png": $ctype="image/png"; break;
  case "jpeg":
  case "jpg": $ctype="image/jpg"; break;
  case "mp3": $ctype="audio/mpeg"; break;
  case "wav": $ctype="audio/x-wav"; break;
  case "mpeg":
  case "mpg":
  case "mpe": $ctype="video/mpeg"; break;
  case "mov": $ctype="video/quicktime"; break;
  case "avi": $ctype="video/x-msvideo"; break;

  //The following are for extensions that shouldn't be downloaded (sensitive stuff, like php files)
  case "php":
  case "htm":
  case "html":
  case "txt": die("<b>Cannot be used for ". $file_extension ." files!</b>"); break;

  default: $ctype="application/force-download";
}

//Begin writing headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public"); 
header("Content-Description: File Transfer");

//Use the switch-generated Content-Type
header("Content-Type: $ctype");

//Force the download
$header="Content-Disposition: attachment; filename=".$filename.";";
header($header );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$len);
@readfile($file);
exit;
}

?>

the problem is read file, firstable maybe after 30 seconds it will timeout
second if many are doing this they will put down my php process expecially on WIndows server...

You're welcome; of course, if my download breaks halfway through for some reason I'll be pretty annoyed. Either that or I'll just get a copy from my buddy who did manage to download it.

the imporatant is that they don't have a download url of my site 2 send...

bradgrafelman

Using PHP to output the file's contents seems to be the way to go for your scenario.

You'd solve the timeout problem by using the [man]set_time_limit/man function to disable the max execution time limit.

If you're worried about large memory consumption, do as I said above and replace readfile() with the fopen()/fread() method.