Solved

24 hour expire url with random url creation for cloaked file downloads

Posted on 2004-09-08
4
443 Views
Last Modified: 2012-06-27
hi there

Does anyone know of a good script for file downloads.

I have a file i want to include for my signups but need it to expire within 24 hours with a random url generator(or some other means to hide the actual file location)

Any suggesstions

best regards

 
0
Comment
Question by:playstat
  • 2
4 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12009782
You can't hide the location, but if your clients have signed up, store the signup time anywhere (DB, flatfile). Before the user can download that file make a check if the user can still downloadthat file..

To output a file in PHP you can use the following:

if (downloadIsValid()) {
header("Content-type: $mimetype");
header("Content-Disposition: attachment; filename=\"".$filename."\"");
readfile($absolutePathOfFile);
} else {
echo "no longer able to download file";
}
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 12014826
Add a datetime field to your user database, called something like 'downloadexpires', then update it when they have signed up:

$downloadexpires = date('Y-m-d H:i:s', strtotime('now + 24 hours'));
mysql_query("UPDATE users SET downloadexpires = '$downloadexpires' WHERE id = '$user_id'");

Then when you want to check the download time (called from hernst42's code above):

function downloadIsValid($user_id) {
  $result = mysql_query("SELECT id FROM users WHERE downloadexpires > NOW() AND id = '$user_id'");
  return (mysql_num_rows($result) > 0);
}

Only other thing is that it's a good idea to add a content-length header, especially if you're downloading large files:

header('Content-length: '.filesize($absolutePathOfFile));

Make sure that you do use the correct MIME type for the file you're downloading - there is no such type as 'application/force-download', so don't use it.

For your unique URLs, generate them at the time you register the user, md5() is good for this. You might find that it's useful to map them back to a script parameter using mod_rewrite on Apache.

I don't think you'll find a download script as such, it's really a very loose association of several small parts, and everyone will want to do it differently
0
 
LVL 3

Accepted Solution

by:
nenufarloganx earned 500 total points
ID: 12014828

Hi playstat,

You can "hide" the file location if you put it outside your html root directory, read this: http://experts-exchange.com/Web/Web_Languages/PHP/Q_21120919.html

When a user signup provide him/her a link pointing to your download passing an encrypted var which contains username and timedate of singup:

<?
$rR = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Register time
$userlogin = $_POST["login"];
$id = $userlogin.$rR;

//You must store this data in a db or file -> "INSERT INTO yourtable (idmd5, id) VALUES ('".md5( $id )."', '".$id."')";

echo "<a href=\"".$_SERVER["PHP_SELF"]."?id=".md5( $id )."\" target=\"_self\">Download</a>";
?>

When a user logs in to download the file:
<?
$rD = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Download Time
$id = $_GET["id"];
$userlogin = $_POST["login"];

// Find that id in your db -> "SELECT * FROM yourtable WHERE idmd5 = '".$id."'";

// is there is a match: $idFromYouDB = yourtable.id

$rR = str_replace( $userlogin, "", $idFromYouDB );

// then compare the timedates:

$vT = "h";      // Time units: [d|h|m] (Days, Hours, Minutes), default: hours
$vF = 24;      // Time the link is valid for

switch( $vT ){
      case "d" : $vM = 86400; break;
      case "h" : $vM = 3600; break;
      case "m" : $vM = 60; break;
      default : $vM = 3600;
}

if( intval( ( $rD - $rR ) / $vM ) <= $vF ){
// download the file. See the link above
}
else{
// delete that id in your db
echo "Download period expired"; // or whatever u want
}
?>

Hope this helps :)
0
 
LVL 3

Expert Comment

by:nenufarloganx
ID: 12096220
Thanks for the points :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Undefined Index in HTML Form? 2 32
object oriented programming comparison 5 57
Before I get too far.. best way to save dates data 4 16
php construct 5 15
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now