file ID instead of url?

Tim Dobson · 03-07-2010, 04:59 PM

How would i go about using a file id for a download rather than giving them a direct link to the file? iv done a search on google and had no idea what this would come under... iv found site stat scripts that do this but i want to try avoid using sql databases and these require it.

delayedinsanity · 03-07-2010, 05:44 PM

Associate arrays.

php Code:

$arr = array( 'ze-fyle-eyed' => "{$path}/file.ext",
              'ze-other-fyle' => "{$path}/otherfile.ext" );

Return the appropriate header information and let the script send it from its 007 location to the user.

skibbli · 03-08-2010, 02:39 AM

assuming the files you'd be linking to are all in one place. you could use base64?

PHP Code:


			
$file = base64_decode($_GET[id]);
if (file_exist($file)) {
 header("location: filedir/$file");
} else {
 echo "<title>404</title><h1>404</h1>";
}

Village Idiot · 03-08-2010, 04:47 AM

Using a META redirect is still giving them a direct link to the file, you don't even need any advanced tools to get the link to that one.

Why do you want to avoid using an SQL database? A good database is generally the foundation of a worthwhile dynamic script. Any other method to store data would be slower and less efficient.

There are two ways to separate the client from the content. The first is to use a database to store the files, this is not really a good method. The next is to store them below the webroot (thus no URI to access it) and use a script to bring it up if the correct accidentals are given. The first thing you do is have some sort of database (mysql, xml, it really doesn't matter) to link the IDs to the file locations on the hard drive. Next you find the ID, verify the credentials are correct then write that file to the output stream along with the meta data. I've done this in both PHP and .net where file security was an absolute must (the .net one was for a mortgage bank).

I couldn't find a tutorial on google for this (about 2 minutes of looking), but the function that reads the file is readfile. If you are on a shared server and can not put files below the webroot, pick one above the webroot but use .htaccess to deny all. I wouldn't use this workaround (or a shared server at all) for anything that would be considered a major security breach should it fail.

delayedinsanity · 03-08-2010, 06:13 AM

Who said anything about META? Village, I think you've been hitting the bottle again.

Write a little function to determine what file is to be sent (and where its located) based on an ID passed to your script, and there's no reason you can't send any number of files from a single location.

Read in some GET that does a lookup (SQL, array, from a file, from where ever) to match the ID to the file, then send your headers and pipe that sucker through.

php Code:

if ( isset( $_GET['id'] ) )
    $file = do_something_to_determine_file( 'dont_forget_to_validate' );
else
    die( 'You missed your turn.' );

header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=$file");
header("Content-Type: application/zip"); // Change this to match your file type.
header("Content-Transfer-Encoding: binary");

readfile($file);

All files are transferred from a single location never giving up their location to charlie.

Village Idiot · 03-08-2010, 03:13 PM

Quote:

Originally Posted by delayedinsanity

Who said anything about META? Village, I think you've been hitting the bottle again.

Write a little function to determine what file is to be sent (and where its located) based on an ID passed to your script, and there's no reason you can't send any number of files from a single location.

Read in some GET that does a lookup (SQL, array, from a file, from where ever) to match the ID to the file, then send your headers and pipe that sucker through.

Did you even read my entire post? That is exactly what I recommended doing. I was referring to skibbli who recommended using the header command for location; which is a META redirect.

delayedinsanity · 03-08-2010, 04:10 PM

hah nope, I only know enough english to read the first two sentences of a post. When I hear META redirect, I think of the META html element though, so I just stopped reading. We all know you love your 40yr old scotch VI. Don't try to deny it. I know your level of work, and I've dealt with some of the same type of clients I know you have. It's hard not to be a little tipsy by afternoon. *hic*