i am using read file function to allow users to download files through a php page and i am blocked direct access to files with htaccess.but the problem is the files can't be downloaded with download managers like IDM and it says:"This site doesn't allow you to request twice for file ".
i am looking for a way to output the file to user and also let him use download managers!
Related
I want to restrict a pdf file on my server from being viewed or downloaded. for example, when somebody types below url in browser and press enter.
http://example.com/pdf/sample-pdf1.pdf
the file should not be viewed or downloaded. instead, it should get redirected somewhere else or should display some error message
But, when i download the same file using php or html code, it should get downloaded
for example when i use below code in a php file, it should get downloaded.
[a href="http://example.com/pdf/sample-pdf1.pdf" download]Download[/a]
Insert .htaccess file inside pdf directory with content:
"Deny from all" -
That will not allow access that directory and files inside it via URL.
I have a wordpress site where people buy access to downloads through the woocommerce plugin.
There are usually several thousand downloads for each order and I have found woocommerce to be inefficient when handling large amounts of downloads.
The download files are like this
product1_date.pdf
product2_date.pdf
etc...
I can't change this
I need a PHP solution which
Admin can upload files to a directory via FTP
Users who buy a product can download them in their download area
Users cannot access files for products they haven't purchased by guessing the filename
1 and 2 I can handle, but how do I prevent 3? Is there a way I can set file permissions to only be read by a specific user who has purchased? Or would is it possible to make the directory writable by everyone (so they can be uploaded) but the files only readable by apache and serve the files to the user some other way?
First, you must stop hotlinks!
After, you create a downloader file contain of downloader function. This's parameters is file mime-type, file name, file url etc... Users can only download with this downloader file. Function is first control users access, after accept user want or not accept. RETURN
I only want the zip file to be available once after a user purchases it, and it can only be downloaded once
The file is outside public_html, it isn't publicly available, but I can't figure how to send the file to the browser.
Using this guide: Idiot-proof, cross-browser force download in PHP how can I get it to work with non-public access to the zip file? I tried setting the path to the file, but it didn't work. (I tested it with a browser accessible path and it did work)
As for the other concern, only allowing it to be downloaded once, I am doing the following:
user accesses the unique download page
checks to see if the product was already downloaded
updates mySQL saying that it has been downloaded
send headers to download the file
You can copy zip file to an specified location when user registers. The new name of zip file should be with username so that it can be unique. Once user has downloaded you can delete the file. As the file has been copied once in registration the copying process event wont occur again.
On registration :
copy($main_copy, "/download/balh_".$username.".zip");
Post download :
unlink("/download/balh_".$username.".zip");
I am creating a web application where user can use browser to execute word/excel/pdf files.
I have used scandir() to show list of files of a folder. Now when the user clicks the link, ie;name of the file(.doc, .xls, .pdf etc), the file should open with corresponding application.
The file should not open in browser. It should open normally with corresponding application.
How can I achieve this ?
I would be grateful if I could get any guidance on it.
Thank you
I have this in my code:
Sample PDF
So basically it will appear to be a download link to file 'sample.pdf' but the problem is, there's a restriction in downloading this file. so whenever there are confidential reports uploaded and a malicious user accidentally memorized or viewed the URL of the download link in the browser history he can easily download it even without accessing the website because it is a direct link. What am i supposed to do so this link will be protected? or be downloaded only for the user assigned to it?
Don't serve up files by their direct URLs. Have a PHP script receive the filename of the file wanted, and serve it up.
So, if someone wants to download the above files, he would go to
example.com/getfile?file=sample.pdf
Your PHP script would check if the current user has permission to view the file, and then serve it up.
Make your links like this:
Sample PDF
Your current method is very insecure for sensitive files. A malicious user could trivially write a script to download ALL files in res/pdf. All he needs to do is check every permutation of letters in the directory, and throw away all 404 errors.
You will not redirect the user since that would defeat the purpose. You will serve the file as a download with the appropriate Content-disposition header.
Here's an example: Fastest Way to Serve a File Using PHP
You can google and get many more examples.
Here's a great example that shows how to serve PDF files:
https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
You can restrict using htaccess