1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to Hide Download URL

Discussion in 'PHP' started by Pathan, Sep 15, 2014.

  1. #1
    We have download simple download.php file that download files and that download.php is placed in the theme folder of WordPress, we have custom field "download_url" while adding new post and we paste download url in "download_url" field.

    When user click on Download Now button it downloads the file, the issue is as I have mentioned above that download.php is placed in theme folder of WordPress so link to that download.php look extremely ugly, its something like site.com/wp-content/themes/mytheme/download.php
    SEMrush
    and the download link looks like:

    site.com/wp-content/themes/mytheme/download.php?file=folder/subfolder/file.zip

    We can't move the download.php to root folder as it creates issues.

    Can anybody please help or suggest a solution that we can hide or adjust the URL so it may look good to eyes.

    here is what we have in download.php file

    <?php
    $filename = $_SERVER["DOCUMENT_ROOT"] . '/' . $_GET['file'];
    
    if(ini_get('zlib.output_compression'))
    ini_set('zlib.output_compression', 'Off');
    
    $file_extension = strtolower(substr(strrchr($filename,"."), 1));
    
    switch($file_extension){
        case "pdf": $ctype="application/pdf"; break;
        case "exe": $ctype="application/octet-stream"; break;
        case "zip": $ctype="application/zip"; break;
        case "doc": $ctype="application/msword"; break;
        case "xls": $ctype="application/vnd.ms-excel"; break;
        case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
        case "gif": $ctype="image/gif"; break;
        case "png": $ctype="image/png"; break;
        case "jpeg":
        case "jpg": $ctype="image/jpg"; break;
        default: $ctype="application/force-download";
    }
    
    if(file_exists($filename)):
        $pos = strrpos($filename, '/');
        $substr = substr($filename, $pos);
        $file_name = str_replace('/', '', $substr);
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header('Content-Type: application/octet-stream');
        header('Content-Type: application/vnd.android.package-archive');
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: private", false);
        header("Content-Type: $ctype");
        header("Content-Disposition: attachment; filename=" . $file_name);
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".filesize($filename));
        readfile($filename);
    else:
        echo "<h1>File not found!</h1>";
    endif;
    ?>
    PHP:
     
    Pathan, Sep 15, 2014 IP
    SEMrush
  2. ArMouR

    ArMouR Well-Known Member

    Messages:
    161
    Likes Received:
    22
    Best Answers:
    0
    Trophy Points:
    130
    Digital Goods:
    1
    #2
    I'm not sure how you get the location of the file but I'm thinking that you could create an index number which references to the specific file. So you your url would change to something like download_file.php?filenumber=1 . PHP would check some sort of database which references 1 to the location of the file on the server and return the file without showing the direct location. Hope this explanation doesn't confuse you more.
     
    ArMouR, Sep 15, 2014 IP
  3. Pathan

    Pathan Well-Known Member

    Messages:
    2,196
    Likes Received:
    218
    Best Answers:
    0
    Trophy Points:
    165
    #3
    Hi,

    Thanks for your time. can we achieve this thing with .htaccess?
     
    Pathan, Sep 15, 2014 IP
  4. skymoney

    skymoney Active Member

    Messages:
    122
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    75
    #4
    maybe easy used url shotter such goo.gl ??
     
    skymoney, Sep 15, 2014 IP
  5. Pathan

    Pathan Well-Known Member

    Messages:
    2,196
    Likes Received:
    218
    Best Answers:
    0
    Trophy Points:
    165
    #5
    Not possible links are in thousands.
     
    Pathan, Sep 15, 2014 IP
  6. www_HypeFree_com

    www_HypeFree_com Active Member

    Messages:
    218
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    65
    #6
    I'm not sure if this will help but there are services that dynamically generate download link that are temporary like 24 or 48 hours then they get removed such service I use to use was 1shoppingcart.com for selling digital downloads. In any case maybe something along those lines will do the trick for you (just giving an idea here hope it helps).

    Dan
     
    www_HypeFree_com, Sep 16, 2014 IP
  7. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #7
    What I'm wondering is why moving the download.php-file to the root causes issues - what issues? From the looks of the file, it doesn't really seem it should interfere with anything, so I'm assuming it's something else causing problems, I'm just wondering what?
     
    PoPSiCLe, Sep 16, 2014 IP
  8. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #8
    Horribly insecure doesn't even start to describe this. Remove this right now and change all your passwords. Consider everything on your server compromised.

    If you're curious as to why, consider this URL.
    
    download.php?file=../../wp-config.php
    
    Code (markup):
    As for your (other) problem, you can also use .htaccess to rewrite the URLs, but the path (or part of it) would still be visible in the URL.

    Alternatively, you could probably put an .htaccess file in the download folder, which would add the necessary headers to the files, to force the download. And then you'd just link directly to them.
    
    <FilesMatch "\.(jpg|pdf|exe|doc)$">
        ForceType application/octet-stream
        Header set Content-Disposition attachment
    </FilesMatch>
    
    Code (markup):
    Although, most of these files, like .exe, .zip, .xls, etc... will automatically be downloaded by the browser anyway. The only ones you should be concerned about are probably images and PDFs.
     
    nico_swd, Sep 16, 2014 IP
  9. hip_hop_x

    hip_hop_x Active Member

    Messages:
    522
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    90
    #9
    There is also window.history property to change the url from a browser (client side, js) not letting them knowing exactly what is the path.
    But you will need to work out with apache/nginx rewrite rule in case you want it more fancy + add session so that a file can't be loaded from multiple ips (or after 24 hours, etc)
     
    hip_hop_x, Sep 17, 2014 IP