
View Full Version : How can I protect my downloads?
sn0rtin 03-31-2002, 03:44 PM I'm starting a new site soon that has many files available for download. I'm going to use a php script to get the files (This helps me to count the downloads and hide the file location). However, the file location becomes visible when a visitor is downloading the file (This is more of a problem in Netscape 6, because it gives the full file path - ex: http://www.domain.com/files/zips, whereas IE just lists the server - ex: domain.com.). To prevent hotlinking, I modified my .htaccess file in my downloads directory to only allow referrals from my domain. This works well and great, but my problem lies with the more persistent breed of leeches. In the past, I have actually had people hotlink to me with little notes that tell their visitors to right-click, 'save as', or to copy & paste the url into their browsers :angry:. I don't know much about many programming languages, but maybe somebody even has a script that accomplishes this also? Anyway, I don't want this to happen to my site this time around. Does anybody know of a way I can hide the file's real location while it is being downloaded? If this is not possible, can I at least scramble/randomize a fake location or something :uhh:? Any help would be greatly appreciated, and my apologies in advance if this is a dumb question :blush:.
Have a PHP script read the file and send it using an HTTP header. I don't have any ready-made solution available right now, however you can search the PHP manual at php.net or other php groups.
You can even put the file out of the public_html folder.
sn0rtin 03-31-2002, 09:12 PM I'm not sure I know what you mean by an HTTP header :confused:. Do you know of any sites where I could find more information about this?
Check out http://php.net/header
priyadi 04-01-2002, 08:49 AM Maybe a php script like this will accomplish that
<?php
header("Content-type: application/x-download");
header("Content-disposition: attachment; filename=\"filename\"");
do_something_here_to_count_download_etc();
readfile("/full/path/to/real/filename");
?>
Don't forget to place your real file outside your web root.
And don't forget to throw the file to the browser by using "print" command.
priyadi 04-01-2002, 11:05 PM Originally posted by masood
And don't forget to throw the file to the browser by using "print" command.
That's what the readfile() function does. It outputs the specified file directly without reading the entire file into a variable.
sn0rtin 04-02-2002, 12:38 AM Thanx for the great advice guys! That seemed to solve my problem. Here is my script:
<?php
$ADMIN[defaulturl] = "http://www.mydomain.com/";
$okaysites = array("http://www.mydomain.com","http://mydomain.com");
$ADMIN[url_1] = "http://www.mydomain.com";
$ADMIN[urllocal_1] = "files/zips";
$reffer = $HTTP_REFERER;
if($reffer) {
    $yes = 0;
    while(list($domain, $subarray) = each($okaysites)) {
        if (ereg("$reffer",$subarray)) {
            $yes = 1;
        }
    }
    $theu = "url"."_"."$site";
    $theuloc = "urllocal"."_"."$site";
    if ($ADMIN[$theu] AND $yes == 1) {
        header("Content-type: application/x-download");
        header("Content-disposition: attachment; filename=\"$file\"");
        readfile("$ADMIN[$theuloc]/$file");
    } else {
        header("Location: $ADMIN[defaulturl]");
    }
} else {
    header("Location: $ADMIN[defaulturl]");
}
?>
(the link: http://www.mydomain.com/download.php?site=1&file=file.zip)
I know, it is a bit sloppy and certain variables are unnecessary (I adapted it from another script):rolleyes:. Considering I don't know php commands, I'm satisfied that it works:D.
I just have one more question to pick your guys' brains with (I hope this isn't annoying, but the php.net guide might as well be written in German as far as I'm concerned). How can I log the amount of times a file is downloaded to a text file?
The php guide is available in German as well, along with a dozen or so other languages :)
Main Site: http://www.php.net
German Manual: http://www.php.net/manual/de/
To have a simple text counter, try this:
1. create a text file counter.txt in the same directory where your download script resides.
2. just type 0 on first line. no extra spaces or lines. (in counter.txt)
3. chmod 777 or whatever so that the web server can write to it
4. put this code where you want to do the counting:
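<?php
// Read the current count from the first line of counter.txt
$count = file("counter.txt");
$newcount = (int) $count[0] + 1;
// Overwrite the file with the new count and close it
$fp = fopen("counter.txt", "w");
fwrite($fp, (string) $newcount);
fclose($fp);
?>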
Hope it works :) If not, let me know and I'll debug
:blush:
Ahmad 04-03-2002, 09:59 AM Originally posted by sn0rtin
Thanx for the great advice guys! That seemed to solve my problem. Here is my script:
<?php
$ADMIN[defaulturl] = "http://www.mydomain.com/";
$okaysites = array("http://www.mydomain.com","http://mydomain.com");
$ADMIN[url_1] = "http://www.mydomain.com";
$ADMIN[urllocal_1] = "files/zips";
$reffer = $HTTP_REFERER;
if($reffer) {
    $yes = 0;
    while(list($domain, $subarray) = each($okaysites)) {
        if (ereg("$reffer",$subarray)) {
            $yes = 1;
        }
    }
    $theu = "url"."_"."$site";
    $theuloc = "urllocal"."_"."$site";
    if ($ADMIN[$theu] AND $yes == 1) {
        header("Content-type: application/x-download");
        header("Content-disposition: attachment; filename=\"$file\"");
        readfile("$ADMIN[$theuloc]/$file");
    } else {
        header("Location: $ADMIN[defaulturl]");
    }
} else {
    header("Location: $ADMIN[defaulturl]");
}
?>
(the link: http://www.mydomain.com/download.php?site=1&file=file.zip)
I know, it is a bit sloppy and certain variables are unnecessary (I adapted it from another script):rolleyes:. Considering I don't know php commands, I'm satisfied that it works:D.
I just have one more question to pick your guys' brains with (I hope this isn't annoying, but the php.net guide might as well be written in German as far as I'm concerned). How can I log the amount of times a file is downloaded to a text file?
I'm not sure if this script will work at all, but if it does work, then it has a security flaw. Besides that, it might cause you problems if the user has a faulty or old user agent (browser) that doesn't support the referer (referrer) header.
The script that priyadi wrote is almost like what I would suggest; you will want to extend it, however, to allow for any other file. If you do that, then you have to check your '$file' variable and make sure that it doesn't contain any dots or forward slashes.
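Added example (not part of the thread and not any poster's code): a download script that validates the requested file name before calling readfile(), and keeps a per-file counter like the counter.txt suggestion above but under a lock. It goes a little beyond the "no dots or slashes" rule by allowing exactly one extension dot and then confirming with realpath() that the file really sits inside the download directory; DOWNLOAD_DIR, COUNTER_DIR and the function names are assumptions, and the check does not rely on the Referer header.

```php
<?php
// Added example, not code from the thread. Both directories are assumed
// paths outside the web root that the web server user can read/write.
const DOWNLOAD_DIR = '/home/example/private/zips';
const COUNTER_DIR  = '/home/example/private/counters';

// Return the absolute path of a requested file, or null if the name is unsafe.
function resolve_download(string $name, string $baseDir): ?string {
    // Allow-list: letters, digits, '_' and '-', then one extension. This
    // rejects '/', '\', '..', NUL bytes and leading dots in a single check.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);   // false if the file is missing
    // Containment: a symlink inside the directory must not lead outside it.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Increment a counter file under an exclusive lock, so two simultaneous
// downloads cannot overwrite each other's update. Returns the new count.
function count_download(string $counterFile): int {
    $fp = fopen($counterFile, 'c+');   // create if missing, never truncate
    if ($fp === false || !flock($fp, LOCK_EX)) {
        return -1;
    }
    $count = (int) stream_get_contents($fp) + 1;
    ftruncate($fp, 0);
    rewind($fp);
    fwrite($fp, (string) $count);
    fflush($fp);
    fclose($fp);                       // closing the handle releases the lock
    return $count;
}

$name = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
$path = resolve_download($name, DOWNLOAD_DIR);
if ($path === null) {
    http_response_code(404);
    exit;
}
count_download(COUNTER_DIR . '/' . $name . '.count');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
readfile($path);
```

With this in place a request such as download.php?file=../../etc/passwd fails the allow-list and gets a 404 before any file is opened.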