www.webdeveloper.com
Page 1 of 3 123 LastLast
Results 1 to 15 of 34

Thread: Hiding file location

  1. #1
    Join Date
    Mar 2003
    Posts
    32

    Hiding file location

    How difficult is it to hide the file location from the sourceview and the staus bar view? I want my members to be logged in to use the download prog I'm working on. I don't want them cutting and pasting the link and sending it to others to retreive that are not members.

  2. #2
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Just use a referrer check.

  3. #3
    Join Date
    Mar 2003
    Posts
    32
    Care to elaborate?

  4. #4
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    lol, okay... using an if/else statement like this:

    PHP Code:
    if($_SERVER['HTTP_REFERER'] != "http://yoursite.com/file.htm"){
    echo (
    "<font color=\"red\">You do not have access to this page.</font>"); } else {
    echo (
    "Blah, blah, blah<br>Click <a href=\"file.ext\">here</a> to download.");


  5. #5
    Join Date
    Mar 2003
    Posts
    32
    Okay time to show my novice face. How does this stop someone from being at my site and using the direct url to the file, instead of using the download section and logging in?

  6. #6
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Because, if the previous page of the user was not, in this example, http://yoursite.com/file.htm, it would say that you are not allowed to download it (the first echo). However, if you did come from http://yoursite.com/file.htm, you would see a link to download the file. It's not a very secure way, because if the user is logged in you'll have to authenticate that they are logged in as well. Also, if you're using sessions (which is even more secure than cookies), you'll want to authenticate that, too.

  7. #7
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    You can also auto-start the download like this:

    PHP Code:
    if($_SERVER['HTTP_REFERER'] != "http://yoursite.com/file.htm"){
    echo (
    "<font color=\"red\">You do not have access to this page.</font>"); } else {
    echo (
    "Blah, blah, blah<br>Click <a href=\"file.ext\">here</a> to download.");
    header("Content-Type: application/x-zip");
    header("Content-Disposition: attachment; filename=yourFile.zip");
    readfile('yourOriginalFile.zip');

    Note that this script would have to be the first thing in your document. Even before the <html> tag, or else you will get an erro: "Headers already sent."

  8. #8
    Join Date
    Mar 2003
    Posts
    32
    Makes sense. Oh well back to scratching my head LOL thanks!

  9. #9
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    You're welcome. And by the way, I'm just a novice at PHP, too.

  10. #10
    Join Date
    Feb 2003
    Location
    Britain
    Posts
    1,335
    Although echo will tell the user off, it won't stop the download. You need to use sometihng a bit more powerful, such as die(''). Why not check that they are logged in using cookies; when they log in, they get a cookie, and can download it until they close their browser. Best thing you could do is set up apache (if you are using it) not to allow direct file requests to it.

  11. #11
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Yes, hot-link protection should be set up for the files, and just let the server handle whether or not the page allows downloading. And, you're right, you'd probably use die('') instead--or exit;. Searching for cookies is not a big deal either--am I right? I've never actually dealt with cookies in PHP.. I think I'll try making a login script or something... But not today.

  12. #12
    Join Date
    Feb 2003
    Location
    Britain
    Posts
    1,335
    I wouldn't use exit, becuase it would just look like the browser crashed and wouldn't encourage membership, because they would think your downloads didn't work. Searching for cookies is very easy in PHP.

  13. #13
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Oh yeah, duh... Yeah that would be silly.

    I'm glad cookies are "easy" in PHP... I know they're much more difficult in Javascript, so that's why I wondered.

  14. #14
    Join Date
    Mar 2003
    Posts
    32
    I have it checking for the forums cookie now, I just want to stop the direct linking to the download. currently the cookie check only stops page load if not logged in.

  15. #15
    Join Date
    Jan 2003
    Location
    Texas
    Posts
    10,413
    Just set up your Apache server to reject direct linking to the files.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles