How to protect a download ?
Forum rules
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901
MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html
TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901
MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html
TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
How to protect a download ?
Hello to all here
I have a reluctant problem solved for the moment by a simple HTACCESS
I have page with lot of download links
I DONT want to protect these paged themselves but the action of download
HTACCESS do the job but visitor has to enter pass and login for each files which is a pain
I look for a way to login on the website and to give access to the download
Everything I see is to protect page that contain the download links ant that's not what I look for.
I want the visitor know what he can find on the web site. I just want he register to get acces (validate) the dowload link itself
I hope to be clear ..
Thanks in advance for your attention
I have a reluctant problem solved for the moment by a simple HTACCESS
I have page with lot of download links
I DONT want to protect these paged themselves but the action of download
HTACCESS do the job but visitor has to enter pass and login for each files which is a pain
I look for a way to login on the website and to give access to the download
Everything I see is to protect page that contain the download links ant that's not what I look for.
I want the visitor know what he can find on the web site. I just want he register to get acces (validate) the dowload link itself
I hope to be clear ..
Thanks in advance for your attention
- Navaldesign
-
- Posts: 903
- Joined: Sat Mar 01, 2008 8:08 pm
- Location: Italy
- Contact:
Well, there are ways to do what you want in WB.
Create a page with the download links. The links should have this format:
download.php?id=1
download.php?id=2
etc,
where 1, 2 ........ n are integer numbers each one corresonding to each of the files that you want to allow download.
Then, create a php file with this code:
Copy the code in Notepad, Save As, select File Type: All files, and save as download.php. Of course, you need to change the first lines to include the real filenames, as well as your deny page (the same used in your login script). In the denial page inform the user that he has to be registered and logged in, and provide a link to the registration page and the login page. OR, if you don't use the login script for other purposes, make the denial page be the login and registration page.
This code will "see" if the user is logged in, and if yes, it will "read" the file and output it to the browser as download. If not logged in, it will send the user to the denial page.
Please note that the script will fail if the stat() function is disabled (it is, in certain hosting companies, for security reasons)
If that is the case, the script should include a second array with the MIME filetypes of the files.
Create a page with the download links. The links should have this format:
download.php?id=1
download.php?id=2
etc,
where 1, 2 ........ n are integer numbers each one corresonding to each of the files that you want to allow download.
Then, create a php file with this code:
Code: Select all
<?php
error_reporting(0);
session_start();
if(!isset($_SESSION['username']))
{
header('Location: deny_page.php'); // Replace "deny_page.php" with your actual denial page name
exit;
}
$folder = "strangefoldername"; // This is the folder where your files are, make its name rather strange like "hJ68bkG9"
$file[1]= "filename1.pdf";
$file[2]= "filename2.doc";
$file[3]= "filename3.xls";
// Add as many as necessary
$file_name = $file[intval($_GET['id'])];
$file_path= $folder."/".$file_name;
$file_type = filetype($file_path);
$data = file_get_contents($file_path);
$file_size = strlen($data);
header("Pragma: public");
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-type: Application/ $file_type");
header("Content-Disposition: attachment; filename=$file_name");
header("Content-Description: Download PHP");
header("Content-Length: $file_size");
header("Content-Transfer-Encoding: binary");
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Description: File Transfer");
header("Content-type: $file_type");
header("Content-Disposition: attachment; filename=\"$file_name\"");
header("Content-Description: Download PHP");
header("Content-Length: $file_size");
header("Content-Transfer-Encoding: binary");
$file = @fopen($file_path,"r");
if ($file) {
while(!feof($file)) {
$buffer = fread($file, 1024*8);
echo $buffer;
}
@fclose($file);
}
?>
This code will "see" if the user is logged in, and if yes, it will "read" the file and output it to the browser as download. If not logged in, it will send the user to the denial page.
Please note that the script will fail if the stat() function is disabled (it is, in certain hosting companies, for security reasons)
If that is the case, the script should include a second array with the MIME filetypes of the files.
Last edited by Navaldesign on Wed Sep 16, 2009 3:53 pm, edited 4 times in total.
www.dbtechnosystems.com
- Navaldesign
-
- Posts: 903
- Joined: Sat Mar 01, 2008 8:08 pm
- Location: Italy
- Contact:
Demo: http://www.dbtechnosystems.com/wb6/download
Download the demo project:
http://www.dbtechnosystems.com/wb6/down ... wnload.zip
It is enough to place the files in a subfolder or in an upper level folder.
The updated download script will NOT display the folder, only the file name. So it would be quite secure.
Download the demo project:
http://www.dbtechnosystems.com/wb6/down ... wnload.zip
It is enough to place the files in a subfolder or in an upper level folder.
The updated download script will NOT display the folder, only the file name. So it would be quite secure.
www.dbtechnosystems.com
- Navaldesign
-
- Posts: 903
- Joined: Sat Mar 01, 2008 8:08 pm
- Location: Italy
- Contact:
How to make this work for the Single Page Protect object?
// Love is the acceptance of nothing / So, you're here. Now dance.
/ You want RWD? Rotate your damn phone! //
/ You want RWD? Rotate your damn phone! //
- Navaldesign
-
- Posts: 903
- Joined: Sat Mar 01, 2008 8:08 pm
- Location: Italy
- Contact:
Beautiful. Thank you.
// Love is the acceptance of nothing / So, you're here. Now dance.
/ You want RWD? Rotate your damn phone! //
/ You want RWD? Rotate your damn phone! //
- me.prosenjeet
-
- Posts: 1304
- Joined: Mon Dec 24, 2007 1:50 pm
- Location: Lucknow
- Contact:
Wow this is a real good thing to protect download links
.
Click here to check my Pro WB Extensions
Click here to check my Pro WB Templates
---------------------------------------------------------
www.Lucknowwebs.com
---------------------------------------------------------
Click here to check my Pro WB Extensions
Click here to check my Pro WB Templates
---------------------------------------------------------
www.Lucknowwebs.com
---------------------------------------------------------
- Navaldesign
-
- Posts: 903
- Joined: Sat Mar 01, 2008 8:08 pm
- Location: Italy
- Contact:
Certainly, you can use ANY type od link: image, text, button, anything, as long as you link it as per instructions.ciberyan wrote:Naval, sorry to come back to you again ...
Is there a way to replace the button you are using by an hyperlink (text) or an image with a link ?
Thanks in advance
www.dbtechnosystems.com
- Navaldesign
-
- Posts: 903
- Joined: Sat Mar 01, 2008 8:08 pm
- Location: Italy
- Contact: