Solved

24 hour expire url with random url creation for cloaked file downloads

Posted on 2004-09-08
4
444 Views
Last Modified: 2012-06-27
hi there

Does anyone know of a good script for file downloads.

I have a file i want to include for my signups but need it to expire within 24 hours with a random url generator(or some other means to hide the actual file location)

Any suggesstions

best regards

 
0
Comment
Question by:playstat
  • 2
4 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12009782
You can't hide the location, but if your clients have signed up, store the signup time anywhere (DB, flatfile). Before the user can download that file make a check if the user can still downloadthat file..

To output a file in PHP you can use the following:

if (downloadIsValid()) {
header("Content-type: $mimetype");
header("Content-Disposition: attachment; filename=\"".$filename."\"");
readfile($absolutePathOfFile);
} else {
echo "no longer able to download file";
}
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 12014826
Add a datetime field to your user database, called something like 'downloadexpires', then update it when they have signed up:

$downloadexpires = date('Y-m-d H:i:s', strtotime('now + 24 hours'));
mysql_query("UPDATE users SET downloadexpires = '$downloadexpires' WHERE id = '$user_id'");

Then when you want to check the download time (called from hernst42's code above):

function downloadIsValid($user_id) {
  $result = mysql_query("SELECT id FROM users WHERE downloadexpires > NOW() AND id = '$user_id'");
  return (mysql_num_rows($result) > 0);
}

Only other thing is that it's a good idea to add a content-length header, especially if you're downloading large files:

header('Content-length: '.filesize($absolutePathOfFile));

Make sure that you do use the correct MIME type for the file you're downloading - there is no such type as 'application/force-download', so don't use it.

For your unique URLs, generate them at the time you register the user, md5() is good for this. You might find that it's useful to map them back to a script parameter using mod_rewrite on Apache.

I don't think you'll find a download script as such, it's really a very loose association of several small parts, and everyone will want to do it differently
0
 
LVL 3

Accepted Solution

by:
Logan earned 500 total points
ID: 12014828

Hi playstat,

You can "hide" the file location if you put it outside your html root directory, read this: http://experts-exchange.com/Web/Web_Languages/PHP/Q_21120919.html

When a user signup provide him/her a link pointing to your download passing an encrypted var which contains username and timedate of singup:

<?
$rR = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Register time
$userlogin = $_POST["login"];
$id = $userlogin.$rR;

//You must store this data in a db or file -> "INSERT INTO yourtable (idmd5, id) VALUES ('".md5( $id )."', '".$id."')";

echo "<a href=\"".$_SERVER["PHP_SELF"]."?id=".md5( $id )."\" target=\"_self\">Download</a>";
?>

When a user logs in to download the file:
<?
$rD = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Download Time
$id = $_GET["id"];
$userlogin = $_POST["login"];

// Find that id in your db -> "SELECT * FROM yourtable WHERE idmd5 = '".$id."'";

// is there is a match: $idFromYouDB = yourtable.id

$rR = str_replace( $userlogin, "", $idFromYouDB );

// then compare the timedates:

$vT = "h";      // Time units: [d|h|m] (Days, Hours, Minutes), default: hours
$vF = 24;      // Time the link is valid for

switch( $vT ){
      case "d" : $vM = 86400; break;
      case "h" : $vM = 3600; break;
      case "m" : $vM = 60; break;
      default : $vM = 3600;
}

if( intval( ( $rD - $rR ) / $vM ) <= $vF ){
// download the file. See the link above
}
else{
// delete that id in your db
echo "Download period expired"; // or whatever u want
}
?>

Hope this helps :)
0
 
LVL 3

Expert Comment

by:Logan
ID: 12096220
Thanks for the points :)
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question