24 hour expire url with random url creation for cloaked file downloads

hi there

Does anyone know of a good script for file downloads.

I have a file i want to include for my signups but need it to expire within 24 hours with a random url generator(or some other means to hide the actual file location)

Any suggesstions

best regards

Who is Participating?
LoganConnect With a Mentor Web DeveloperCommented:

Hi playstat,

You can "hide" the file location if you put it outside your html root directory, read this: http://experts-exchange.com/Web/Web_Languages/PHP/Q_21120919.html

When a user signup provide him/her a link pointing to your download passing an encrypted var which contains username and timedate of singup:

$rR = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Register time
$userlogin = $_POST["login"];
$id = $userlogin.$rR;

//You must store this data in a db or file -> "INSERT INTO yourtable (idmd5, id) VALUES ('".md5( $id )."', '".$id."')";

echo "<a href=\"".$_SERVER["PHP_SELF"]."?id=".md5( $id )."\" target=\"_self\">Download</a>";

When a user logs in to download the file:
$rD = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Download Time
$id = $_GET["id"];
$userlogin = $_POST["login"];

// Find that id in your db -> "SELECT * FROM yourtable WHERE idmd5 = '".$id."'";

// is there is a match: $idFromYouDB = yourtable.id

$rR = str_replace( $userlogin, "", $idFromYouDB );

// then compare the timedates:

$vT = "h";      // Time units: [d|h|m] (Days, Hours, Minutes), default: hours
$vF = 24;      // Time the link is valid for

switch( $vT ){
      case "d" : $vM = 86400; break;
      case "h" : $vM = 3600; break;
      case "m" : $vM = 60; break;
      default : $vM = 3600;

if( intval( ( $rD - $rR ) / $vM ) <= $vF ){
// download the file. See the link above
// delete that id in your db
echo "Download period expired"; // or whatever u want

Hope this helps :)
You can't hide the location, but if your clients have signed up, store the signup time anywhere (DB, flatfile). Before the user can download that file make a check if the user can still downloadthat file..

To output a file in PHP you can use the following:

if (downloadIsValid()) {
header("Content-type: $mimetype");
header("Content-Disposition: attachment; filename=\"".$filename."\"");
} else {
echo "no longer able to download file";
Marcus BointonCommented:
Add a datetime field to your user database, called something like 'downloadexpires', then update it when they have signed up:

$downloadexpires = date('Y-m-d H:i:s', strtotime('now + 24 hours'));
mysql_query("UPDATE users SET downloadexpires = '$downloadexpires' WHERE id = '$user_id'");

Then when you want to check the download time (called from hernst42's code above):

function downloadIsValid($user_id) {
  $result = mysql_query("SELECT id FROM users WHERE downloadexpires > NOW() AND id = '$user_id'");
  return (mysql_num_rows($result) > 0);

Only other thing is that it's a good idea to add a content-length header, especially if you're downloading large files:

header('Content-length: '.filesize($absolutePathOfFile));

Make sure that you do use the correct MIME type for the file you're downloading - there is no such type as 'application/force-download', so don't use it.

For your unique URLs, generate them at the time you register the user, md5() is good for this. You might find that it's useful to map them back to a script parameter using mod_rewrite on Apache.

I don't think you'll find a download script as such, it's really a very loose association of several small parts, and everyone will want to do it differently
LoganWeb DeveloperCommented:
Thanks for the points :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.