Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

24 hour expire url with random url creation for cloaked file downloads

Posted on 2004-09-08
4
Medium Priority
?
454 Views
Last Modified: 2012-06-27
hi there

Does anyone know of a good script for file downloads.

I have a file i want to include for my signups but need it to expire within 24 hours with a random url generator(or some other means to hide the actual file location)

Any suggesstions

best regards

 
0
Comment
Question by:playstat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12009782
You can't hide the location, but if your clients have signed up, store the signup time anywhere (DB, flatfile). Before the user can download that file make a check if the user can still downloadthat file..

To output a file in PHP you can use the following:

if (downloadIsValid()) {
header("Content-type: $mimetype");
header("Content-Disposition: attachment; filename=\"".$filename."\"");
readfile($absolutePathOfFile);
} else {
echo "no longer able to download file";
}
0
 
LVL 25

Expert Comment

by:Marcus Bointon
ID: 12014826
Add a datetime field to your user database, called something like 'downloadexpires', then update it when they have signed up:

$downloadexpires = date('Y-m-d H:i:s', strtotime('now + 24 hours'));
mysql_query("UPDATE users SET downloadexpires = '$downloadexpires' WHERE id = '$user_id'");

Then when you want to check the download time (called from hernst42's code above):

function downloadIsValid($user_id) {
  $result = mysql_query("SELECT id FROM users WHERE downloadexpires > NOW() AND id = '$user_id'");
  return (mysql_num_rows($result) > 0);
}

Only other thing is that it's a good idea to add a content-length header, especially if you're downloading large files:

header('Content-length: '.filesize($absolutePathOfFile));

Make sure that you do use the correct MIME type for the file you're downloading - there is no such type as 'application/force-download', so don't use it.

For your unique URLs, generate them at the time you register the user, md5() is good for this. You might find that it's useful to map them back to a script parameter using mod_rewrite on Apache.

I don't think you'll find a download script as such, it's really a very loose association of several small parts, and everyone will want to do it differently
0
 
LVL 3

Accepted Solution

by:
Logan earned 2000 total points
ID: 12014828

Hi playstat,

You can "hide" the file location if you put it outside your html root directory, read this: http://experts-exchange.com/Web/Web_Languages/PHP/Q_21120919.html

When a user signup provide him/her a link pointing to your download passing an encrypted var which contains username and timedate of singup:

<?
$rR = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Register time
$userlogin = $_POST["login"];
$id = $userlogin.$rR;

//You must store this data in a db or file -> "INSERT INTO yourtable (idmd5, id) VALUES ('".md5( $id )."', '".$id."')";

echo "<a href=\"".$_SERVER["PHP_SELF"]."?id=".md5( $id )."\" target=\"_self\">Download</a>";
?>

When a user logs in to download the file:
<?
$rD = mktime( date("h"), date("i"), date("s"), date("m"), date("d"), date("Y") );      // Download Time
$id = $_GET["id"];
$userlogin = $_POST["login"];

// Find that id in your db -> "SELECT * FROM yourtable WHERE idmd5 = '".$id."'";

// is there is a match: $idFromYouDB = yourtable.id

$rR = str_replace( $userlogin, "", $idFromYouDB );

// then compare the timedates:

$vT = "h";      // Time units: [d|h|m] (Days, Hours, Minutes), default: hours
$vF = 24;      // Time the link is valid for

switch( $vT ){
      case "d" : $vM = 86400; break;
      case "h" : $vM = 3600; break;
      case "m" : $vM = 60; break;
      default : $vM = 3600;
}

if( intval( ( $rD - $rR ) / $vM ) <= $vF ){
// download the file. See the link above
}
else{
// delete that id in your db
echo "Download period expired"; // or whatever u want
}
?>

Hope this helps :)
0
 
LVL 3

Expert Comment

by:Logan
ID: 12096220
Thanks for the points :)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question