Solved

24 hour expire url with random url creation for cloaked file downloads

Posted on 2004-09-08
4
450 Views
Last Modified: 2012-06-27
hi there

Does anyone know of a good script for file downloads.

I have a file i want to include for my signups but need it to expire within 24 hours with a random url generator(or some other means to hide the actual file location)

Any suggesstions

best regards

 
0
Comment
Question by:playstat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12009782
You can't hide the location, but if your clients have signed up, store the signup time anywhere (DB, flatfile). Before the user can download that file make a check if the user can still downloadthat file..

To output a file in PHP you can use the following:

if (downloadIsValid()) {
header("Content-type: $mimetype");
header("Content-Disposition: attachment; filename=\"".$filename."\"");
readfile($absolutePathOfFile);
} else {
echo "no longer able to download file";
}
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 12014826
Add a datetime field to your user database, called something like 'downloadexpires', then update it when they have signed up:

$downloadexpires = date('Y-m-d H:i:s', strtotime('now + 24 hours'));
mysql_query("UPDATE users SET downloadexpires = '$downloadexpires' WHERE id = '$user_id'");

Then when you want to check the download time (called from hernst42's code above):

function downloadIsValid($user_id) {
  $result = mysql_query("SELECT id FROM users WHERE downloadexpires > NOW() AND id = '$user_id'");
  return (mysql_num_rows($result) > 0);
}

Only other thing is that it's a good idea to add a content-length header, especially if you're downloading large files:

header('Content-length: '.filesize($absolutePathOfFile));

Make sure that you do use the correct MIME type for the file you're downloading - there is no such type as 'application/force-download', so don't use it.

For your unique URLs, generate them at the time you register the user, md5() is good for this. You might find that it's useful to map them back to a script parameter using mod_rewrite on Apache.

I don't think you'll find a download script as such, it's really a very loose association of several small parts, and everyone will want to do it differently
0
 
LVL 3

Accepted Solution

by:
Logan earned 500 total points
ID: 12014828

Hi playstat,

You can "hide" the file location if you put it outside your html root directory, read this: http://experts-exchange.com/Web/Web_Languages/PHP/Q_21120919.html

When a user signup provide him/her a link pointing to your download passing an encrypted var which contains username and timedate of singup:

<?
$rR = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Register time
$userlogin = $_POST["login"];
$id = $userlogin.$rR;

//You must store this data in a db or file -> "INSERT INTO yourtable (idmd5, id) VALUES ('".md5( $id )."', '".$id."')";

echo "<a href=\"".$_SERVER["PHP_SELF"]."?id=".md5( $id )."\" target=\"_self\">Download</a>";
?>

When a user logs in to download the file:
<?
$rD = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Download Time
$id = $_GET["id"];
$userlogin = $_POST["login"];

// Find that id in your db -> "SELECT * FROM yourtable WHERE idmd5 = '".$id."'";

// is there is a match: $idFromYouDB = yourtable.id

$rR = str_replace( $userlogin, "", $idFromYouDB );

// then compare the timedates:

$vT = "h";      // Time units: [d|h|m] (Days, Hours, Minutes), default: hours
$vF = 24;      // Time the link is valid for

switch( $vT ){
      case "d" : $vM = 86400; break;
      case "h" : $vM = 3600; break;
      case "m" : $vM = 60; break;
      default : $vM = 3600;
}

if( intval( ( $rD - $rR ) / $vM ) <= $vF ){
// download the file. See the link above
}
else{
// delete that id in your db
echo "Download period expired"; // or whatever u want
}
?>

Hope this helps :)
0
 
LVL 3

Expert Comment

by:Logan
ID: 12096220
Thanks for the points :)
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question