Temporary URL's for download files
someusernamehere
www.myserver.com/files what I need is when an user log into the
account a temporary URL is created for download a file in /files, and
then, when the file is downloaded the link disappear of course, I also
need to know how to protect the files for downloading by direct URL,
make sense?
Erwin Moller
Yes, that makes sense.
I think that setup is often named 'ticket'.
You create a temporarely ticket to access some functionality (or files).
Firstly: STore your files OUTSIDE your rootdirectory, so nobody can
directly access them by simply using some URL.
Then try something like this:
1) Create a DB table (or flat file, whatever suits you)
create table tblticket(
ticketid char(50) Primary Key,
filepath text,
used CHAR(1) <-- Y/N
)
2) You decide to create a ticket for 1 download.
Simply add a record to this table, containing:
ticketid: A long random string.
filepath: The path to the file you want to offer
used: N
3) Give the visitor a link:
download.php?id=AGHJSGHJGDJGJHGJHGD..etc
4) When download.php is called, you simply check the passed ID.
If it is found in the table, stream the file back to the browser, and
then set used to 'Y'. (In that order. If something goes wrong with the
download, you do not want to update the record in the DB.)
possible variations:
- You can simply leave 'used' out and delete the record. But then you
don't have a history.
- You can add a datetime to the table that holds the value how long this
download will be avialable.
- That way you are reasonably sure each file is only downloaded once and
has a valid ticket. However, people COULD actually both start the
download at the same time. This is a little harder to avoid, but I think
if 2 people are trying this, it would be easier to simply download it
and share later. ;-)
Hope that helps a bit. It is quite straightforward.
Regards,
Erwin Moller
Olaf Schinkel
Send the file directly with the download-link by a reference or
something like that.
So nothing must bei stored temp.
Create a random numer and store it in a DB with the user id and req.
filename.
create the link like that:
download.php?id=user_id&ran=random_number
Example for download.php:
// select the req filename from db.
// exit, if not found
// else read the file into $dump
// and delete the entry in the DB
// example for CSV file
header("Content-Disposition: attachment; filename=export.csv");
header("Content-Type: text/csv");
echo $dump;
C. (http://symcbean.blogspot.com/)
> someusernamehere schrieb:> Hey, I need to implement this with PHP, i.e. I have some files in
> > account a temporary URL is created for download a file in /files, and
> > then, when the file is downloaded the link disappear of course, I also
> > need to know how to protect the files for downloading by direct URL,
> > make sense?
>
> No.
> Send the file directly with the download-link by a reference or
> something like that.
> So nothing must bei stored temp.
> Create a random numer and store it in a DB with the user id and req.
> filename.
>
> create the link like that:
> download.php?id=user_id&ran=random_number
>
> Example for download.php:
>
> // select the req filename from db.
> // exit, if not found
> // else read the file into $dump
> // and delete the entry in the DB
>
> // example for CSV file
> header("Content-Disposition: attachment; filename=export.csv");
> header("Content-Type: text/csv");
> echo $dump;
Personally, I'd consider using sha1(file_get_contents($filename)) (or
`sha1 $filename`) as the temporary name rather than a random number
since this might make the most efficient use of a staging area for
temporary files.
C.