Renaming a folder for each download
Question
EDIT: We allow our product download after submitting a simple form.
To avoid the owners of "illegal websites" learning where our product downloads are located, I was thinking about renaming the download folder after every download.
How can I do this in PHP?
7 answers
solution1
8 2011-05-24 09:13:38
Instead, verify an authenticated session and then stream the download via PHP.
Then if any illegal website tries to download your file, they will find they need to be authenticated first.
solution2
2 2011-05-24 09:17:31
Don't rename the directory. It will break if multiple users download the file simultaneously. Instead serve file via PHP like:
<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdf
readfile('original.pdf');
?>
solution3
1 2011-05-24 09:14:38
Yes, - you can do it by using rename PHP function, but what a strange approach? You better customize access settings for files which can be accessed via HTTP request and which can not. Let just registered users download files and identify real users from robots using user session cookies and, probably, add captcha if those file are so significant.
solution4
1 2011-05-24 09:15:39
A possible solution might be to do a PHP system call to create a temporary softlink to your installer, and remove that softlink after a fixed amount of time.
But indeed, it seems you've got the wrong idea when it comes to safeguarding your installer.
solution5
1 2011-05-24 09:17:22
Nothing personal, but it's not most clever idea.
Check $_SERVER['HTTP_REFERER'] - if this variable is not empty and not contains address of pre-download page, redirect user to some your pre-download page.
edit: checking HTTP_REFERER is not 100% protection against bots, but other methods (such as authentication) can be more annoying for users.
Also, sessions or cookies (with temporary token) can be used.
solution6
1 2011-05-24 09:44:45
A good way is to use a combination of .htaccess & key
.htaccess
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^\.]+)/([a-z0-9]+/i)$ serve.php?file=$2&key=$1 [NC,L]
After someone purchases your file set a key and ip in there customer account in mySQL send them the link to download via email ( http://yoursite.com/key1234567/your.pdf ) note they can only download once
person clicks download
then with serve.php
you check the key against there ip in there account and mark as downloaded
sql check on ip and key match
if($allowedToDownload===true){
header('Content-type: application/pdf');
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdf
readfile('hidDen_ArEa/'.basename($_REQUEST['file']));
}
solution7
0 ACCPTED 2011-05-24 20:10:42
Best solution so far is the following: http://www.devshed.com/c/a/PHP/Simple-and-Secure-PHP-Download-Script-with-Limits-Tutorial/ .
Thanks to all of you for directing me to this approach.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.