Is there a way to protect, let's say, a download link? By protect I mean make it so the user downloading the file cannot access a direct link to the file, but instead will see a link that points to some empty page. What I want to do is offer downloads for a bunch of different episodes of a TV show hosted on another site, but I don't want these links stolen by competitors. Possible? Any help is appreciated
There are a number of ways to do it. Generally the best way is to store the file below your root directory so it is not accessible directly through any URL. You can then use a header and print the contents of the file to force a download. Normal PHP can process above the header, so you can authenticate or anything else, before the download. Sort of...

```php
<?php
// authenticate user somehow
$authenticated = false; // set this from your own login check

if ($authenticated):
    // read the file from a directory that is not reachable through any URL
    $file = file_get_contents('/server/file_directory/file.pdf');
    header('Content-Type: application/pdf'); // set a header for the file type
    echo $file;
endif;
```
jestep: He's not hosting the files, they're on a third-party site.

RFlame: You could use various JavaScript machinations; unless you want to host or proxy the files I think that's about your only option.
You could still use the above script and get the file from a 3rd party. The problem would be that you would need to wait to download the page to your server before the user gets any content. I would then recommend using a proxy and a function like fsockopen. This is going to be a fairly complicated script, so it may take a lot of testing to get this to work properly. The idea will be to stream the file from the remote server, through your script which will act as a proxy to the user. You can still use the header function to set the content type. You have to figure out how to start the download before having to read the entire file. I would also authenticate the user. Make sure the website you are taking files from knows you are doing this as this would probably be frowned upon by most webmasters.
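The streaming proxy described in the post above, as an added example that is not code from the thread: the visitor only ever sees an opaque ID, the real URL is looked up in a server-side list (so the script cannot be pointed at arbitrary URLs), and the file is relayed in chunks instead of being read whole. The `EPISODES` map, the `example.com` URLs and the `user_id` session key are assumptions, and the sketch relies on `allow_url_fopen` being enabled.

```php
<?php
// Added example: placeholder URLs and IDs, not values from the thread.
declare(strict_types=1);

// Opaque ID => real remote URL. Kept server-side; the client never sees it.
const EPISODES = [
    'ep01' => 'https://files.example.com/show/episode-01.mp4',
    'ep02' => 'https://files.example.com/show/episode-02.mp4',
];

function resolveEpisode(string $id): ?string
{
    return EPISODES[$id] ?? null; // unknown IDs are rejected, never fetched
}

function streamRemote(string $url, string $downloadName): void
{
    // Short timeout, no redirects: the proxy only talks to the listed host.
    $ctx = stream_context_create(['http' => ['timeout' => 15, 'follow_location' => 0]]);
    $remote = @fopen($url, 'rb', false, $ctx);
    if ($remote === false) {
        http_response_code(502);
        exit('Upstream unavailable');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $downloadName . '"');
    while (ob_get_level() > 0) {
        ob_end_clean(); // drop output buffers so chunks go out immediately
    }
    while (!feof($remote)) {
        $chunk = fread($remote, 8192);
        if ($chunk === false) {
            break;
        }
        echo $chunk; // relay each chunk as it arrives
        flush();
    }
    fclose($remote);
}

session_start();
if (empty($_SESSION['user_id'])) { // assumption: your login code sets this key
    http_response_code(403);
    exit('Login required');
}
$id  = (string) ($_GET['id'] ?? '');
$url = resolveEpisode($id);
if ($url === null) {
    http_response_code(404);
    exit('Unknown episode');
}
streamRemote($url, $id . '.mp4'); // $id is a known map key, safe in the header
```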
If you're charged for bandwidth or have a transfer cap, be aware that every time the file is downloaded with this method, you'll get dinged twice. That is, if it's a 1GB file, it'll use 2GB of your bandwidth allocation. I really think JavaScript is a better approach. It'll be faster for the end user, and doesn't waste bandwidth. The downside is that a determined attacker will be able to reverse-engineer your JS to figure out what the links are. Whether that matters depends on what sort of person you think is going to try.