CODEWITHSUNDEEP
php
James Walker
James Walker

Reputation: 27

Secure Direct File Downloader PHP Needs Fixes

Unfortunately, This code isn't working because i wanna download files through php and need to hide the direct path of files uploaded in my server.

If i define complete path in variable.. example.com/files/filedownload.iso then it's working but it's pointless, because i wanna hide a path while downloading.

<form target="_blank" id="download_file" action="download.php" method="post">
<input name="ip" type="hidden" value="192.123.23.1">
<input name="filename" type="hidden" value="filedownload.iso"'; ?>
<div align="center">
<input alt="Submit" src="download.gif" type="image" />
</div>
</form>

The above code is POST method..

<?php
  if(isset($_POST['ip']) && $_POST['ip']!="" && isset($_POST['filename']) && $_POST['filename']!=""){
    $filename = $_POST['filename'];
    }

    $domain="http://example.com/".$filename;
    //$redirect_url="http://example.com".$filename;
    $redirect_url=$path;
    $redirect_url= encrypt_download_link($domain,$path);

  ?>

   <script type="text/javascript">   
    var max_time= 5; //Seconds
    function Redirect() 
    {  
    window.location="<?php echo $redirect_url; ?>"; 
    }
    function refresh_remaining_time()
    {   
        max_time = max_time-1;
        if (max_time>=0) {
            document.getElementById("waiting_time_span").innerHTML = max_time+" Seconds";
        }
    }
    window.onload = function() {
        setInterval(function () {
            if (max_time>=0) {
                refresh_remaining_time();
            }
        }, 1000); // Execute somethingElse() every 2 seconds.
      setTimeout(function () {
            Redirect();
      }, 5000);
    };
    </script>

<?php
  }
  function encrypt_download_link($domain,$path){
    $secret = '4rTyHHgtopSUm';
    $expire = strtotime("+7 days");
    $md5 = base64_encode(md5($secret.$path.$expire,true));
    $md5 = strtr($md5, '+/', '-_');
    $md5 = str_replace('=', '', $md5);
      $url = $domain.$path."?st=".$md5."&e=".$expire;
      return $url;
  }
?>

Upvotes: 0

Views: 44

Answers (1)

Chris L
Chris L

Reputation: 56

I'm not sure if this would work for you, and it won't work for large files, but if you redirect users to a page with this code it will stream the file in binary down to their system. Don't be a hater if your files are larger and this won't work :)

P.S. I'd love to take credit for this, and I searched for the source (couldn't find it), but this hit my library at someone else's suggestion a few years back.

$nameFile = 'insert just name of file here'
$pathFile = 'insert file and path here';
$sizeFile = filesize($pathFile);
$pointerFile = fopen($pathFile, "rb"); // Open file for reading in binary mode
$contentFile = fread($pointerFile, $sizeFile);
fclose($pointerFile);

header("Content-length: ".$sizeFile);
header("Content-type: application/octet-stream");
header("Content-disposition: attachment; filename=".$nameFile.";" );
echo $contentFile;

Upvotes: 1

Related Questions