I have an EXE file on the server.
I want to give access only those who has register
After registration I send them and download link like .
download.php?id=154545
I checked in that file that user has register then allowed user o download file.
while file is downloading User can get the exact file path of the server How I can make it secure
if use put the direct path in the server it should not be download.
Thanks
This is generally done with a "file server" script. It would do whatever checking you want to do that it is a valid user/request, and then read the actual file and output it as a download. The basic pattern would be something like:
<?php
session_start(); // if needed to validate user
if(<whatever you want to do to validate the request>)
{
$file = 'path/to/file.exe';
header('Content-Length: ' . filesize($file));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Transfer-Encoding: binary');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
readfile($file);
exit; // make sure nothing else gets output
}
else
{
echo "Not authorized";
}
?>
Doing same but how to prevent the hotlink when user know where the exact file is located
Thanks
Make sure the actual file is in a directory that does not allow direct HTTP access, either by a web server setting in that directory via .htaccess (if Apache), or simply storing the file in a directory not within the web document root directory tree (as long as it's still readable by your PHP script that won't matter to it).
I have to secure only one exe file to secure .
any idea what wil be in the .htacess file.
I think it would be like this (but I am not an Apache expert):
<files file_name.exe>
order allow,deny
deny from all
</files>