Renaming a folder for each download_问答_开发者

开发者 https://www.devze.com 2023-03-08 04:12 出处：网络

EDIT: We allow our product download after submitting a simple form. To avoid the owners of \"illegal websit开发者_JS百科es\" learning where our product downloads are located, I was thinking about ren

相关专题：download php

EDIT: We allow our product download after submitting a simple form.

To avoid the owners of "illegal websit开发者_JS百科es" learning where our product downloads are located, I was thinking about renaming the download folder after every download.

How can I do this in PHP?

Instead, verify an authenticated session and then stream the download via PHP.

Then if any illegal website tries to download your file, they will find they need to be authenticated first.

Don't rename the directory. It will break if multiple users download the file simultaneously. Instead serve file via PHP like:

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');
?>

Yes, - you can do it by using rename PHP function, but what a strange approach? You better customize access settings for files which can be accessed via HTTP request and which can not. Let just registered users download files and identify real users from robots using user session cookies and, probably, add captcha if those file are so significant.

A possible solution might be to do a PHP system call to create a temporary softlink to your installer, and remove that softlink after a fixed amount of time.

But indeed, it seems you've got the wrong idea when it comes to safeguarding your installer.

A good way is to use a combination of .htaccess & key

.htaccess
RewriteEngine On

RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^\.]+)/([a-z0-9]+/i)$ serve.php?file=$2&key=$1 [NC,L]

After someone purchases your file set a key and ip in there customer account in mySQL send them the link to download via email (http://yoursite.com/key1234567/your.pdf) note they can only download once

person clicks download

then with serve.php

you check the key against there ip in there account and mark as downloaded

sql check on ip and key match


if($allowedToDownload===true){
    header('Content-type: application/pdf');

    // It will be called downloaded.pdf
    header('Content-Disposition: attachment; filename="downloaded.pdf"');

    // The PDF source is in original.pdf
    readfile('hidDen_ArEa/'.basename($_REQUEST['file']));
    }

Nothing personal, but it's not most clever idea.
Check $_SERVER['HTTP_REFERER'] - if this variable is not empty and not contains address of pre-download page, redirect user to some your pre-download page.

edit: checking HTTP_REFERER is not 100% protection against bots, but other methods (such as authentication) can be more annoying for users.

Also, sessions or cookies (with temporary token) can be used.

Best solution so far is the following: http://www.devshed.com/c/a/PHP/Simple-and-Secure-PHP-Download-Script-with-Limits-Tutorial/.

Thanks to all of you for directing me to this approach.