How to allow downloads of PDFs

Discussion in 'Site & Server Administration' started by Murwin, Oct 5, 2005.

  1. #1
    Hi Folks, I'm new to the forum, so sorry if this is the wrong area to post in.
    I want to set up some PDF (and other files) downloads for folk.
    Basically - how do I do that;
    1/ is it a script and if so any suggestions [free :) ]
    2/ registration?
    Some pointers on how this is done would be great.
    I'm OK with HTML, can stuff up and follow PHP but not program, and haven't a clue about JavaScript other than pasting it into my HTML pages :)

    Any pointer on safeguards would also be welcome.
    Thanks heaps in advance

    Keep well.
     
    Murwin, Oct 5, 2005
  2. relixx

    #2
    Huh? If you want to have people download files from your site, you simply link to them, eg:

    http://www.widgets.com/file.pdf
    Very simple. They click on the link and it asks if they want to download it :)

    If you want more control over it, I suppose you could do redirects like this forum does, eg have the link point to a generic page (eg, attachments.php) with a querystring to pass the info to that page. It'll allow much greater control over viewing attachments :)

    Thus, "attachment.php?file_id=42" would load up the attachment with a file_id of 42.

    (Look at the picture I uploaded to get an idea of this forum's system.)
     


    relixx, Oct 5, 2005
  3. Murwin

    #3
    Thanks Relixx,
    So, as you can see, I know enough to be dangerous :)
    I guess I'm looking for some control over requests.
    I would like to know who has downloaded if possible. Also the article list will grow, I suppose an articles database may be the way to go - any ideas?
    Thanks.
     
    Murwin, Oct 5, 2005
  4. relixx

    #4
    Well, off the top of my head, you could make it that you have to be logged in to view the file. Or even have a system where the attachment can only be viewed by certain people depending on where the attachment was uploaded/posted to, or depending on "security levels" (eg, an attachment only mods or admins can view).

    If the people have to go through a specific page to view an attachment, then it should be very easy to have the people who downloaded it stored in a database (eg, you could have a database store the names/IP addresses of all those who attempted the download, and/or the names of all those who completed the download; this can be done in PHP, though I don't know the code).

    Now, if (please note that this is off the top of my head) a forum had a single file that handled the viewing of all attachments (it located the attachment and restricted viewing, etc), then you'd have to pass information to it via a querystring. So, if a mod or admin wanted to post an attachment that only mods or admins could see, this wouldn't be a very secure method, because by manually typing in numbers or whatever, you could stumble upon the "private" attachment.

    Thus, a method of solving this is having something like 3 user levels (user, moderator, admin). Each level has the same "viewing level" options as the one below it, plus viewing level options that prevent the levels below it from seeing the attachments. For example:

    User: post attachments that can be viewed by all (maybe including people who aren't logged in)
    Mod: post attachments that can be viewed by all, plus those that cannot be seen by Users
    Admin: post attachments that can be viewed by all, plus those that cannot be seen by Users or moderators.

    Thus, if you don't have a proper "viewing level" (eg, a User trying to view an Admin-only picture) you'd get redirected to an error page.

    However, if you don't want people to simply type in the full path to the file name (picture, PDF, whatever) you could, first of all, rewrite the name of the file (using PHP) when it is uploaded, so it's more difficult to find, plus ban any spiders from the directory(ies) containing the documents (using robots.txt) so people can't find your stuff through the search engines. However, if you do this people can simply see what directories are blocked (by looking at the robots.txt file), and go type in the directory name.

    If there is no index page there (eg, index.html), it will show a listing of all the files in that directory. Thus, you'd want to set your server to stop showing this directory listing (if you don't want to put an index.html page into the directory). However, people (theoretically) could still find your PDFs, etc as they are only hidden. So, you'd probably want to block all access to the directories and only allow access to their contents via certain files (eg, the attachment-handling file). For this, I'd advise you to go to the Programming and Site & Server Administration sections, someone there may be able to help you (although, I'd suggest you go to a security forum and ask for help there, they'd probably know as they're all paranoid :) )

    If you managed to understand my ramblings, well done :) (like I said, this is off the top of my head)

    In summary, a good way would be to hide the directory(ies) containing the stuff from the search engines (through robots.txt, etc), block viewing the contents, block all access to the contents except through a certain file or some info (maybe through a user-name and password or something) that must be passed along to gain access.

    Once you've restricted all access except through the attachment-handling file(s), you should have complete control over who sees/downloads your files :)
     
    relixx, Oct 5, 2005
  5. relixx

    #5
    Now that I've had some sleep, I've come up with a slightly simpler solution to people accessing the directory without going through an attachment-handling page...

    There must be a way to ban all access to that directory, except for scripts running off that server... then, you wouldn't have to worry about hiding the directory, etc.

    You'd still be able to control access through the file, too :)
     
    relixx, Oct 6, 2005
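
A sketch of the attachment-handling file discussed in posts #4 and #5, as an added example that is not part of any poster's message: it looks the file up by `file_id`, applies the user/mod/admin viewing levels, logs every attempt, and serves the file from a directory that has no URL. The session keys, paths, level names and the sample catalogue are assumptions made for the illustration.

```php
<?php
// attachment.php?file_id=42 (added example, not code from this thread)
session_start();

// Assumed: the login code stores 'level' and 'username' in the session.
const LEVELS = ['guest' => 0, 'user' => 1, 'mod' => 2, 'admin' => 3];
// Hypothetical paths outside the web root: no URL maps to the files, only
// this script can read them.
const STORE = '/var/www-private/attachments';
const LOG   = '/var/www-private/downloads.log';
// Constructed sample catalogue (a database table in practice). 'stored' is
// the random name given at upload, 'name' is what the visitor sees.
const FILES = [
    42 => ['stored' => 'a3f9c1.bin', 'name' => 'widgets.pdf',   'min_level' => 'guest'],
    43 => ['stored' => '7be210.bin', 'name' => 'mod-notes.pdf', 'min_level' => 'mod'],
];

// A level sees everything the levels below it see; unknown levels see nothing.
function canView(string $userLevel, string $minLevel): bool
{
    return (LEVELS[$userLevel] ?? -1) >= (LEVELS[$minLevel] ?? PHP_INT_MAX);
}

// Record every attempt, served or denied: when, from where, who, which file.
function logDownload(int $id, string $who, bool $served): void
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? '-';
    error_log(sprintf("%s\t%s\t%s\tfile_id=%d\t%s\n", date('c'), $ip,
        $who, $id, $served ? 'served' : 'denied'), 3, LOG);
}

$id    = filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT);
$level = (string) ($_SESSION['level'] ?? 'guest');
$who   = preg_replace('/[^\w.@-]/', '_', (string) ($_SESSION['username'] ?? 'anonymous'));
$file  = is_int($id) ? (FILES[$id] ?? null) : null;

// Same answer for "no such id" and "not allowed", so typing in numbers
// does not reveal which private attachments exist.
if ($file === null || !canView($level, $file['min_level'])) {
    logDownload((int) $id, $who, false);
    http_response_code(404);
    exit('Not found');
}

logDownload($id, $who, true);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
header('X-Content-Type-Options: nosniff');
readfile(STORE . '/' . $file['stored']);
```

If the directory has to stay under the web root, a server rule on that directory (on Apache 2.4, `Require all denied`) blocks direct requests while the script can still read the files from disk.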
  6. Murwin

    #6
    Hi Relixx,
    After some more searching and pondering - I have taken a look at an articles database system that I "should" be able to incorporate.
    I'm looking at Articledashboard - this serves up, tracks etc articles.
    It may do all that I want and avoid the problem of unwanted access to my server files etc - not that they are very exciting.
    If anyone knows this package or has some other suggestion I'd be pleased to hear it.
    Keep well
     
    Murwin, Oct 6, 2005
  7. dbtech

    #7
    Why can't you just link to it??

    If you want a download manager of sorts you can check hotscripts.com, they have tons.
     
    dbtech, Oct 6, 2005
  8. relixx

    #8
    He does want to just link to it. He wants control over who downloads it, etc., and to track people. What I was going on about was ABSOLUTE control over it. Controlling through a script still normally allows the person to simply type in the full URL of the attachment and bypass the attachment-handling file.
     
    relixx, Oct 6, 2005