Link to home
Create AccountLog in
Avatar of dprundle
dprundle

asked on

PHP make sure users download from my website

I have a download.php file that coutns the number of times files are downloaded by id.  How can I make it so that files can ONLY be downloaded from my website.  Other people are linking to my download.php?Id=XX files and letting their users download my files.
Avatar of steelseth12
steelseth12
Flag of Cyprus image

on your page that is calling download.php start a session and make the link

download.php?Id=XX&session=<?=session_id()?>

on your donwload.php also start a session and check

if($_GET["session"] != session_id()) {

print "ERROR";
}else{

procced normally

}
Avatar of dprundle
dprundle

ASKER

I feel embarrassed saying this, but it sounds like it would work but i'm not sure how to start a session.
session_start();

for more info on sessions see http://de2.php.net/manual/en/ref.session.php 
Note: session_start(); needs to be placed at the first line of your page
this is on a wordpress database. I don't know if I can get that on the very first line.  Is there a way to do this by checking the referring webpage?
ASKER CERTIFIED SOLUTION
Avatar of steelseth12
steelseth12
Flag of Cyprus image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Thx for the help mate, you really got my brain working on this one.  I ended up using this solution and just modded it for my own purposes.

http://www.thesitewizard.com/archive/protectimages.shtml


I'm sure your solution would be more secure, but this one will work for my purposes.  you get an A++