0

I need to deliver a file

example.com/realpathofthe/file.zip

to customers but I don't want to communicate the same URL to all customers (they could easily share URL to non-customers, and it would be difficult to track if the product is delivered or not). Instead, I'm generating a random string in PHP and want to share such URL:

example.com/download/djbf6xu83/file.zip

which will be different for each customer.

Question: should I generate symlinks for each customer to link the random string path to the path of the actual file on server?
Or use a RewriteRule in .htaccess for this? But then if done this way (ie rewrite /download/*/file.zip to the actual file), all random strings would link to the same file. This is not good because a non customer could generate a download link himself. How to handle this correctly?

Note: I'd like to avoid if possible that PHP has to process the gigabytes of files data (through file_get_contents()) before delivering it. I thought (please correct me if I'm wrong) that it would be lighter for the server to let Apache distribute the file.

Basj
  • 41,386
  • 99
  • 383
  • 673
  • Store the random string in DB. Then use a rewrite rule to redirect to a php script which will get the random string and match it against your database, then if ok, send the file. The file is always the same, but your script will verify the random string. – Armage Aug 21 '17 at 13:10
  • 1
    Why not use the RewriteRule to a PHP script file, and make the check that the random string is valid there? – Fredster Aug 21 '17 at 13:10
  • @Armage yes but then PHP itself has to process the gigabytes of files data (through `file_get_contents()`) before delivering it. Isnt there a way to avoid this and let Apache distribute the file? – Basj Aug 21 '17 at 13:13
  • @Fredster I edited and added a note. – Basj Aug 21 '17 at 13:18
  • Ok. Then why not create a rewrite rule `/download/XXX/file.zip` with only the valid strings? If they are many, maybe create a PHP script that updates the .htaccess file when you create a new valid string. – Fredster Aug 21 '17 at 13:21
  • I was thinking about such things but I found it a bit hack-ish to ask a PHP script to overwrite a .htaccess each time there is a new customer. At the end this htaccess would become a very long file. – Basj Aug 21 '17 at 13:27
  • You can also use the php script to create the symbolic links and delete them automatically (cron ?) after some time. (It's not ideal solution...) – Armage Aug 21 '17 at 13:27

1 Answers1

0

There can be many ways to approach this problem. Here's what I suggest. Make a file, say /download.php and pass in a download code as an HTTP GET variable. So it'd say something like /download.php?code=abcdef, meanwhile generate and store codes for each customer in a database, and check if the code exists when someone opens download.php. Easy to track, and not creating a complex directory structure.

Mav
  • 1,087
  • 1
  • 15
  • 37
  • Thanks. But then this means PHP has to process gigabytes of data (see Note in original post). – Basj Aug 21 '17 at 14:00
  • https://stackoverflow.com/questions/7263923/how-to-force-file-download-with-php you don't have to use file_get_contents(); – Mav Aug 21 '17 at 14:01