I need to deliver a file
example.com/realpathofthe/file.zip
to customers but I don't want to communicate the same URL to all customers (they could easily share URL to non-customers, and it would be difficult to track if the product is delivered or not). Instead, I'm generating a random string in PHP and want to share such URL:
example.com/download/djbf6xu83/file.zip
which will be different for each customer.
Question: should I generate symlinks for each customer to link the random string path to the path of the actual file on server?
Or use a RewriteRule in .htaccess for this? But then if done this way (ie rewrite /download/*/file.zip to the actual file), all random strings would link to the same file. This is not good because a non customer could generate a download link himself.
How to handle this correctly?
Note: I'd like to avoid if possible that PHP has to process the gigabytes of files data (through file_get_contents()) before delivering it. I thought (please correct me if I'm wrong) that it would be lighter for the server to let Apache distribute the file.
There can be many ways to approach this problem. Here's what I suggest.
Make a file, say /download.php and pass in a download code as an HTTP GET variable. So it'd say something like /download.php?code=abcdef, meanwhile generate and store codes for each customer in a database, and check if the code exists when someone opens download.php. Easy to track, and not creating a complex directory structure.
Related
I have uploaded some files on server. The link provided to me is pretty simple i-e; no signs/ symbols etc. If I provide the same link to the user for downloading the data, it might result in hacking of my server or loss of data. Now my question is how to encrypt this kind
www.hello.com/myApp/myFile.mp3
of url and provide the encrypted url to the user which the browser can understand.
Regards
Correct me if I misunderstand, but are you trying to prevent someone from downloading the file unless you tell them it's ok to download it?
Then the threat is that someone may find the file linked on a search engine or be able to guess it.
There are a few ways to make that threat less likely.
Make the url very long and unguessable. Simply rename the file to some random value could work. From the command line (linux)
echo http://example.com/file.mpe $(date) | md5sum
d8a5e8d341135379b8ad38f1d06970be
Or even easier, choose a random password from http://tooln.net/pw/ and rename the file to one of the passwords without symbols. Either is difficult to guess.
If you know the person, you could easily share a password and set a password on the directory. You can turn on passwords per directory through apache.
Turn off indexing of the site through robots.txt.
A URL can be encrypted, but if a browser can understand it, decrypting it would be a trivial process for a hacker. I'm assuming what you want to do is to prevent too many people from accessing your URL. To do this, you will have to have either some sort of user login system or an IP based limitation. Both of these would have to be backed by a database.
Instead of linking directly to the file, you would link to something like download.php?fileid=$some_file_id and in your database, you just insert the user ID (or IP address) and file ID every time the file is download. Then to display the file back to the user, you would check how many downloads of that file have been made by the user and if it is less than your threshold, e.g.:
SELECT COUNT(*) FROM downloads WHERE user = :user AND file_id = :id
Then get PHP to echo the contents of the file to the browser.
Add other clauses such as limiting it to X downloads in the past 24 hours, etc. or however you would like to work it.
Other things you could do would be storing the files outside the document root (or protecting direct access with .htaccess or similar), and including a hash of the file name in the link, so someone couldn't just do download.php?fileid=1 and guess the next one is download.php?fileid=2.
Hello everyone I was wondering if there's a way to have a random text generated and replaces my file names (and of course still have the link work) ?
I've noticed how people like to have files (mostly video) have very random characters as file names instead of a relevant file names. Are they generated as each user view the page? Or is it really a file with a name of random characters? I cannot imagine this can be efficient if you have large amounts of files.
I'm currently using the script from http://css-tricks.com/snippets/php/generate-expiring-amazon-s3-link/
This allows me to not share my files publicly but the users cannot access the file directly. I hope that makes sense, let me know what you think.
Thank you
As of today, you could probably use S3 Website Redirects to accomplish this.
Simply create a random new file with the correct HTTP header set, and have it redirect back to the real file. This uses an HTTP 301 redirect, so loading it in a web browser or requesting it with cURL or wget will end up resolving the real location.
I'm looking for a way to send a user a regular file (mp3s or pictures), and keeping count of how many times this file was accessed without going through an HTML/PHP page.
For example, the user will point his browser to bla.com/file.mp3 and start downloading it, while a server-side script will do something like saving data to a database.
Any idea where should I get started?
Thanks!
You will need to go through a php script, what you could do is rewrite the extensions you want to track, preferably at the folder level, to a php script which then does the calculations you need and serves the file to the user.
For Example:
If you want to track the /downloads/ folder you would create a rewrite on your webserver to rewrite all or just specific extensions to a php file we'll call proxy.php for this example.
An example uri would be proxy.php?file=file.mp3 the proxy.php script sanitizes the file parameter, checks if the user has permission to download if applicable, checks if the file exists, serves the file to the client and perform any operations needed on the backend like database updates etc..
Do you mean that you don't want your users to be presented with a specific page and interrupt their flow? If you do, you can still use a PHP page using the following steps. (I'm not up to date with PHP so it'll be pseudo-code, but you'll get the idea)
Provide links to your file as (for example) http://example.com/trackedDownloader.php?id=someUniqueIdentifer
In the tracedDownloader.php file, determine the real location on the server that relates to the unique id (e.g. 12345 could map to /uploadedFiles/AnExample.mp3)
Set an appropriate content type header in your output.
Log the request to your database.
Return the contents of the file directly as page output.
You would need to scan log files. Regardless you most likely would want to store counters in a database?
There is a great solution in serving static files using PHP:
https://tn123.org/mod_xsendfile/
First of all, this isn't another question about storing images on DB vs file system. I'm already storing the images on the file system. I'm just struggling to find a better way to show them to all my users.
I' currently using this system. I generate a random filename using md5(uniqueid()), the problem that I'm facing, is that the image is then presented with a link like this:
<img src="/_Media/0027a0af636c57b75472b224d432c09c.jpg" />
As you can see this isn't the prettiest way to show a image ( or a file ), and the name doesn't say anything about the image.
I've been working with a CMS system at work, that stores all uploaded files on a single table, to access that image it uses something like this:
<img src="../getattachment/94173104-e03c-499b-b41c-b25ae05a8ee1/Menu-1/Escritorios.aspx?width=175&height=175" />
As you can see the path to the image, now has a meaning compared to the other one, the problem is that this put's a big strain in the DB, for example, in the last site I made, I have an area that has around 60 images, to show the 60 images, I would have to do at least 60 individual query's to the database, besides the other query's to retrieve the various content on the page.
I think you understand my dilemma, has anyone gone trough this problem, that can give me some pointers on how to solve this?
Thanks..
You could always use .htaccess to rewrite the url and strip the friendly name. So taking your example, you could display the image source as something like:
/Media/0027a0af636c57b75472b224d432c09c/MyPictures/Venice.jpg
You could use htaccess to actually request:
/Media/0027a0af636c57b75472b224d432c09c.jpg
The other option is to have a totally friendly name:
/Media/MyPictures/Venice.jpg
And redirect it to a PHP file which examines the url and generates the hash so that it then knows the actual image file name on the server. The php script should then set the content type, read the image and output it. The major downside of this method is that you may end up with collisions as you two images may have the same hash. Given that the same thing can also occur with you current method I assume it isn't an issue.
I have an image that send to affiliate for advertising.
so, how can I find it out from my server the number of times that image been downloaded?
does server log keep track of image upload count?
---- Addition ----
Thanks for the reply.. few more questions
because I want to do ads rotation, and tracking IP address, etc.
so, i think I should do it by making a dynamic page (php) and return the proper images, right?
In this case, is there anyway that I can send that information to Google Analytics from the server? I know I can do it in javascript. but now, since the PHP should just return the images file. so what I should do? :)
Well This can be done irrespective of your web Server or Language / Platform.
Assuming the File is Physically stored in a Certain Directory.
Write a program that somehow gets to know which file has to be downloaded. Through GET/POST parameters. There can be even more ways.
then point that particullar file physically.
fopen that file
read through it byte by byte
print them
fclose
store/increment/updatethe download counter in database/flatfile
and in the database you may keep the record as md5checksum -> downloadCounter
It depends on a server and how you download the image.
1) Static image (e.g. URL points to actual image file): Most servers (e.g. Apache) store each URL served (including the GET request for the URL for the image) in access log. There are a host of solutions for slicing and dicing access logs from web servers (especially Apache) and obtaining all sorts of statistics including count of accesses.
2) Another approach for fancier stuff is to serve the image by linking to a dynamic page which does some sort of computation (from simple counter increment to some fancy statistics collection) and responds with HTTP REDIRECT to a real image.
Use Galvanize a PHP class for GA that'll allow you to make trackPageView (for a virtual page representing your download, like the file's url) from PHP.
HTTP log should have a GET for every time that image was accessed.
You should be able to configure your server to log each download. Then, you can just count the number of times the image appears in the log file.