Hide download link path in PHP or javascript

Question

Hide download link path in PHP or javascript

Navigation

#1 by (3 votes)
#2 by (2 votes)

0

I'm doing a download manager in PHP, through which a user can download a file.

What I intend is the following Instead of passing the direct route to the file (www.dominio.com/ftp/archivo.rar) pass it, www.dominio.com/descarga.php?id=3 this in the download manager when you click on properties to see where it is downloaded, you will only see www.dominio.com/descarga.php?id=3 and not the absolute path to the file.

What interests me is to hide the download path or create a temporary route

thanks in advance.

Looking for a solution I found this one that is very easy but I can not implement it 100%

 <?php
switch($id) {
case '':
header ("Location: http://Mi-pagina.com"); // esta sera la pagina que aparecera al abrir el archivo por defecto
 break;
case 'descarga1': // Este sera el nombre que le pondremos al id del archivo
header ("Location: ./archivos/descarga1.zip"); // esta es la ruta del nombre del archivo a descargar
break; 
default:
header ("Location: http://Mi-pagina.com"); // esto al igual que el primero es el header por default que aparecera al acceder al archivo directamente osea redirigira para alla si quieren accesar al archivo directamente desde el navegador
} ?>

this would be the download link link

The first time it worked well but in other tests it does not download the file in question and I have no idea what part of the code is wrong.

javascript html php

asked by BotXtrem Solutions 11.03.2017 в 01:41

source

2 answers

2

One solution may be to use a hash as an identifier. For example, file.rar hasheado (bcrypt) remains as:

/descarga.php?id=$2a$06$I3wuZYJKUDK.yYwTy9yzv.CfCI14CMurChOev8mbUhJ1MmgXzlzQe

And in PHP iterate the list of files to know which file matches (by name) with the hash:

$hash = '$2a$06$I3wuZYJKUDK.yYwTy9yzv.CfCI14CMurChOev8mbUhJ1MmgXzlzQe';    
$path = './public/archivos/';
$files = array_diff(scandir($path), array('.', '..'));
$file = '';

foreach($files as $file) {
  if (password_verify($file, $hash)) {
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$file}");
    header("Pragma: no-cache");
    readfile("{$path}/{$file}");
    break;
  }
}

Note: scandir also lists directories, so if you have subdirectories within the files folder to download, make sure that $file is not a directory.

answered by 11.03.2017 в 02:21

Error connecting SQL-SERVER with C # How to take a variable and declare it in each function with php?

score 3 · Accepted Answer

The first thing is to obtain the real name of the file from the parameter that you passed in the URL. For that you use the mechanism that you prefer: they suggested you go through the directory and compare it with a hash, but another solution could be to search in a database:

$idArchivo = filter_input(INPUT_GET, 'id'); // Esto lee $_GET['id'];
$file = $db->get_var("SELECT nombre FROM archivos WHERE id = ". $idArchivo);

Suppose that the files are in a directory whose location you have in the variable $dir . Now you can use this logic to force the download of the file:

$filename = $dir . $file;
header('Content-type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header('Content-Disposition: attachment; filename=' . $filename);
echo file_get_contents($filename);

If instead of forcing the download you want the file to be opened in the browser (it is useful if it is a file jpg or pdf ) you must replace application/octet-stream with the corresponding mimetype to the file type.