The question says it all.. How do I let the users download a file from my website and not let them see what link that file comes from? I understand that there might be a need for something like a download.php which will serve as the gateway but past that phase, I dunno what to script next... If it bothers you to write the whole code, a few function names that I should need to use would be really handy!
views:
77answers:
4You can use the header() function which is documented here: http://uk2.php.net/manual/en/function.header.php
I would suggest scrolling down and looking at the 1st example. It seems to be doing exactly what you want :)
Find a way to identify the file to download (for instance, a GET variable that matches the ID of a row in a database, or something along these lines). Make damn sure it's a valid one, because you don't want your users to be able to download anything off your site. Then, use header
with Content-Disposition
to tell the browser the file should be downloaded, and readfile
to output it.
For instance:
<?php
$id = intval($_GET['id']);
$query = mysql_query('SELECT file_path FROM files WHERE id = ' . $id);
if (($row = mysql_fetch_row($query)) !== false)
{
header('Content-Disposition: attachment; filename=' . basename($row[0]));
readfile($row[0]);
}
exit;
?>
readfile should do what you want. Put the actual file outside the web server root, and require some credentials before passing back the file.
You can't make someone download a file from a URL without letting them know the URL. It's not possible under the HTTP specification. Anything downloaded has a URL.
You can, however, have a download URL that only works once, or requires some specific information to be passed via the POST method. You check for a token in the GET or POST variables and invalidate that token once it's used once.