hide download link

@html20009876Nov 06.2007

I have a zip file on my site, e.g. ~~[url]~~www.mysite.com/dir/my.zip[/url].

I hope visitors can download the file but don’t know the zip link.

tech may be redirect or something else in php, script, html.

my purpose is to protect the zip file from been downloaded by software (c++, java etc – hackers). if hacker doesn’t know address of the zip file, he may not download it by using software.

is “force download” without displaying “save browser” a good way for the purpose?

to post a comment

PHP

9 Comments(s) _↴

@scragarNov 06.2007 — #if you want to protect it use a numeric key enter style PHP script(enter security number to download)

even if the image is the same every time your going to completely prevent search engines, and save around 95% of all spambots from the download.

@html20009876authorNov 06.2007 — #even if the image is the same every time your going to completely prevent search engines, and save around 95% of all spambots from the download.[/QUOTE]

search engine? what do you mean?

@scragarNov 06.2007 — #your concerned about the file being downloaded when you don't want it to be right?

if a search engine see's it then anyone who searches google using specific methods will be able to find the URL of the file, and thus be able to download it themselves.

the solution is to block search engines, and hide the download in a PHP file that has 1 sole purpose, validate the passcode, and if successfull include the contents of the file to be downloaded and parse the right header to the browser. This not only keeps the file away from search engines and such, but also protects the file from those that use a straight link(remember, input code must match).

@html20009876authorNov 06.2007 — #scragar,

why passcode can hide my zip file?

is the link to zip file static or dynamic generated?

any code or samples?

could you explain more?

thanks.

@scragarNov 06.2007 — #how you handle the link is your choice, you could make it static, or dynamic if you so wish(to make it dynamic simply force a query sting to match up as well as an imput text).

a VERY basic example:

request.html

[code=html]<form action="download.php" method="POST">
 Enter "12345": <input type="text" name="scode" />
 <input type="submit" value="Download now" />
 </form>[/code]

download.php:

[code=php]<?php
 if($_POST['scode'] != "12345")
 die("password not entered, click back and try again.");
 header("Content-type: application/zip");
 // 2 methods here, quickest but least secure:
 include "/path/to/file/myfile.zip";
 // slower, yet virtually 100% safe.
 echo file_get_contents("/path/to/file/myfile.zip");
 exit;
 ?>[/code]

@html20009876authorNov 06.2007 — #scragar,

thanks for your start code.

I need more points before I test:

1. is the function header("Content-type: application/zip"); a must? what is its purpose?

2. is file_get_contents("/path/to/file/myfile.zip"); used to save file to disk? does it display "save browser dialog" to let user choose a directory to save?

3. is "include" a function or script-code?

@scragarNov 06.2007 — #1. is the function header("Content-type: application/zip"); a must? what is its purpose?[/quote]it tells the browser that your going to be sending it a zip file, if you didn't use that header it could try to display it on screen, or one of a range of intresting actions(including crash).
2. is file_get_contents("/path/to/file/myfile.zip"); used to save file to disk? does it display "save browser dialog" to let user choose a directory to save?[/quote]
it loads the contents of your file into the page, the user never actualy see's myfile.zip, instead they see a PHP file treated as a zip file. there is no way to refuse the user the right to choose save location, so yes, it will prompt the user for a save location.
3. is "include" a function or script-code?[/quote]include is one of the essential constructs of the PHP language.

oh, and you should comment out 1 of the 2 lines below the comments, leaving youself with either the include of get_file_contents line, not both.

EDIT: elaboration on point no 2. the PHP file from the users point of veiw is treated as a zip file, contains the contents of your zip file and will ask to be saved as a zip file, they in no way get your PHP code or such.

@html20009876authorNov 06.2007 — #it sounds great!

could you give me more clue (e.g. useful functions, ideas) or links to samples of higher security code if convinent for you?

@scragarNov 06.2007 — #PHP has some intresting image functions, provided you have a suitable libary installed:

http://uk2.php.net/manual/en/ref.image.php

that will come in handy for keeping the code secret from text based sniffers.

you should also consider reading up on sessions and/or cookies so you can rand a number for the user to enter, far more secure.

Also in #PHP _↴

Form to email!if(file_exists)how can i get this feed back at my mail

Success!

Help @html20009876 spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.22,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

hide download link

9 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

hide download link

9 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

9 Comments(s) _↴

Also in #PHP _↴