How to protect a download ?

[ciberyan]

Hello to all here

I have a reluctant problem solved for the moment by a simple HTACCESS
I have page with lot of download links
I DONT want to protect these paged themselves but the action of download
HTACCESS do the job but visitor has to enter pass and login for each files which is a pain
I look for a way to login on the website and to give access to the download
Everything I see is to protect page that contain the download links ant that's not what I look for.
I want the visitor know what he can find on the web site. I just want he register to get acces (validate) the dowload link itself

I hope to be clear ..

Thanks in advance for your attention

[Navaldesign]

Well, there are ways to do what you want in WB.

Create a page with the download links. The links should have this format:

download.php?id=1
download.php?id=2
etc,

where 1, 2 ........ n are integer numbers each one corresonding to each of the files that you want to allow download.

Then, create a php file with this code:

Code: Select all

<?php
error_reporting(0);

session_start();
if(!isset($_SESSION['username']))
{
   header('Location: deny_page.php'); // Replace "deny_page.php" with your actual denial page name
   exit;
}
$folder = "strangefoldername"; // This is the folder where your files are, make its name rather strange like "hJ68bkG9"

$file[1]= "filename1.pdf";
$file[2]= "filename2.doc";
$file[3]= "filename3.xls";
// Add as many as necessary

$file_name = $file[intval($_GET['id'])];
$file_path= $folder."/".$file_name;
$file_type = filetype($file_path);

$data = file_get_contents($file_path);
$file_size = strlen($data);

header("Pragma: public");
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);

header("Content-type: Application/ $file_type");
header("Content-Disposition: attachment; filename=$file_name");
header("Content-Description: Download PHP");
header("Content-Length: $file_size");
header("Content-Transfer-Encoding: binary");

header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Description: File Transfer");
header("Content-type: $file_type");
header("Content-Disposition: attachment; filename=\"$file_name\"");
header("Content-Description: Download PHP");
header("Content-Length: $file_size");
header("Content-Transfer-Encoding: binary");


$file = @fopen($file_path,"r");
if ($file) {
   while(!feof($file)) {
        $buffer = fread($file, 1024*8);
        echo $buffer;
    }
  @fclose($file);
}
?>

Copy the code in Notepad, Save As, select File Type: All files, and save as download.php. Of course, you need to change the first lines to include the real filenames, as well as your deny page (the same used in your login script). In the denial page inform the user that he has to be registered and logged in, and provide a link to the registration page and the login page. OR, if you don't use the login script for other purposes, make the denial page be the login and registration page.

This code will "see" if the user is logged in, and if yes, it will "read" the file and output it to the browser as download. If not logged in, it will send the user to the denial page.

Please note that the script will fail if the stat() function is disabled (it is, in certain hosting companies, for security reasons)

If that is the case, the script should include a second array with the MIME filetypes of the files.

[Navaldesign]

Demo: http://www.dbtechnosystems.com/wb6/download


Download the demo project:
http://www.dbtechnosystems.com/wb6/down ... wnload.zip


It is enough to place the files in a subfolder or in an upper level folder.
The updated download script will NOT display the folder, only the file name. So it would be quite secure.

[ciberyan]

Thanks for your idea

Can you explain a little bit the format of
$file[1]= "filename1.php";

let say my file is doc.pdf

how should I write this line ?

Thanks again

[Navaldesign]

Just replace "filename1.php" with "doc.pdf"

$file[1] = "doc.pdf";

If you open the download.php file included in the zip, it will become clear. Use Notepad if you don't have a php editor.

[ciberyan]

Thanks again for your time

[jerryco]

How to make this work for the Single Page Protect object?

[Navaldesign]

Replace this line:

if(!isset($_SESSION['username']))

with


if(!isset($_SESSION['password']))

[jerryco]

Beautiful. Thank you.

[ciberyan]

Naval, sorry to come back to you again ...

Is there a way to replace the button you are using by an hyperlink (text) or an image with a link ?

Thanks in advance

[me.prosenjeet]

Wow this is a real good thing to protect download links

[Navaldesign]

Naval, sorry to come back to you again ...

Is there a way to replace the button you are using by an hyperlink (text) or an image with a link ?

Thanks in advance

Certainly, you can use ANY type od link: image, text, button, anything, as long as you link it as per instructions.

[ciberyan]

Hello Naval

I am afraid to need your help once more time

Everything is ok as long as file are NOT .exe type
exe type will be downloaded but extension is truncated
Any way to avoid this ??

Thanks for your valuable help

[Navaldesign]

Yes, zip the .exe files.

[ciberyan]

Thanks anyway

Just have to redownload Mo of files ...

an "extension" version of this WONDERFUL piece of software would be great
(ie, instead of editing by hand the php file)