-1

I'm currently using this code to hide download link but its giving uncompleted download for some users. I don't know why, but too many users report this problem to me. My current code is: 

file = "../".$realFileName;
$fakeFileName= 'Upbaz.ir-'.base64_decode($_GET['ffname']);
$fp = fopen($file, 'rb');
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=$fakeFileName");
header("Content-Length: " . filesize($file));
fpassthru($fp);

Anyone know other way to hide download link?

Ivaylo Strandjev
  • 69,226
  • 18
  • 123
  • 176
masih arastooyi
  • 521
  • 6
  • 16

2 Answers2

1

Increase script time run eq 

@set_time_limit(120);
user956584
  • 5,316
  • 3
  • 40
  • 50
1

This script will handle the downloading of the file and it includes a buffer/ different ext types (if you desire). A good way to hide links is to put files in a protected directory and have links stored in a database. The user sees an ID or a session tied to a file and the server finds the file and serves it.

if ($fd = fopen ($fullPath, "r")) {
    $fsize = filesize($fullPath);
    $path_parts = pathinfo($fullPath);
    $ext = strtolower($path_parts["extension"]);
    switch ($ext) {
        case "txt":
            header("Content-type: application/txt"); // add here more headers for diff. extensions
            header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
            break;
        default:
            header("Content-type: application/octet-stream");
            header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\"");
    }
    header("Content-length: $fsize");
    header("Cache-control: private"); //use this to open files directly
    while(!feof($fd)) {
        $buffer = fread($fd, 2048);
        echo $buffer;
    }
}
fclose ($fd);

.htaccess to protect directory (you should have a dir for only these files

deny from all

Above script modified to yours:

$file = "../".$realFileName;
$fakeFileName= 'Upbaz.ir-'.base64_decode($_GET['ffname']);
if ($fd = fopen ($file, "r")) {
        $fsize = filesize($file);

        header("Content-type: application/octet-stream");
        header("Content-Disposition: attachment; filename=\"$fakename\"");

        header("Content-length: $fsize");
        header("Cache-control: private"); //use this to open files directly
        while(!feof($fd)) {
            $buffer = fread($fd, 2048);
            echo $buffer;
        }
    }
    fclose ($fd);
UnholyRanger
  • 1,977
  • 14
  • 24
  • i must have patchinfo installed on server? because i dont have it now – masih arastooyi Feb 21 '13 at 17:00
  • [pathinfo](http://php.net/manual/en/function.pathinfo.php) is a built in PHP function. Do you really need the file served to have a different name or is that just to protect them from finding the real file? – UnholyRanger Feb 21 '13 at 17:02
  • and its like my code not have diffrent ... you sure i dont have broken downloads with this? – masih arastooyi Feb 21 '13 at 17:03
  • I would say check your Execute time and that the files exist but the download code works. – UnholyRanger Feb 21 '13 at 17:10
  • its big files around 2 GB for some low speed connections ... i must put excute time what number? for security and working download? – masih arastooyi Feb 21 '13 at 17:18
  • I do believe you don't have to worry about that. Check out [SO](http://stackoverflow.com/questions/6527811/how-to-download-large-files-through-php-script). – UnholyRanger Feb 21 '13 at 17:24