Webmaster Blog

Webmaster Blog brought to you by Chuckun!

Archive for June, 2011

Securing downloadable files with PHP

Article written by Chuckun on the Webmaster / SEO Blog on June 1, 2011

Today, I’ll be showing you how you can easily protect your downloadable media.

Why would you want to do this? Well, often we want to hide the location of our downloads to stop people leeching our content, and most measures can be easily sidestepped.

Here is a method I quite like. I have annotated everything for your convenience.

 

 

Filename: download.php

<?php
$filename = "downloaded.zip"; // this is the fake name you want the downloaded file to be called.
$source = "/downloads/thefile.zip"; // this is the real name and location of the file.

if (file_exists($source)) { // check that the real file exists, if so do the following..

    header('Content-Type: application/zip'); // set the content type of the current page to the type of file being downloaded
    header('Content-Disposition: attachment; filename="'.$filename.'"'); // Forge the download name by setting filename=
    readfile($source); // grab the real file to prompt download.

} else { // if the file doesn't exist
    echo "Error: File not found!"; // display error message
}
?>

So how do we use this? Going to mysite.com/download.php grabs the file ‘thefile.zip’ from the /downloads/ folder and prompts you to download it, but under the new name ‘downloaded.zip’.

This is the simplest version of this method. Obviously, by using $_GET parameters you can have download.php choose between different files in the /downloads/ folder. Example below:

Filename: download.php

<?php
$id = isset($_GET['file']) ? $_GET['file'] : ''; // the requested file ID, e.g. download.php?file=5

// only accept plain digits, so the ID cannot carry slashes, dots or other path or header characters
if (!is_string($id) || !ctype_digit($id)) {
    http_response_code(400);
    exit("Error: Invalid file ID!");
}

$filename = "downloaded-".$id.".zip"; // will forge the name downloaded-5.zip (if download.php?file=5 is requested)
$source = "/downloads/thefile-".$id.".zip"; // will pick the real file titled thefile-5.zip (if download.php?file=5 is requested)

if (file_exists($source)) { // check that the real file exists, if so do the following..

    header('Content-Type: application/zip'); // set the content type of the current page to the type of file being downloaded
    header('Content-Disposition: attachment; filename="'.$filename.'"'); // Forge the download name by setting filename=
    readfile($source); // grab the real file to prompt download.

} else { // if the file doesn't exist
    echo "Error: File not found!"; // display error message
}
?>

It gets even more advanced once you start adding more and more security. When dealing with premium ($$$) content, it’s good to use a database and give all your files a masked name: hash the names with MD5, store them in a database with an assigned ID, and have download.php retrieve the filename from the database to know which file to serve. But that’d look a little messy for this tutorial!
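The database lookup described above could look like the following. This is an added example, not the author's code: the `downloads` table, its columns, the `resolve_download()` function and the in-memory SQLite database are all assumptions made for illustration, and the download folder is assumed to sit outside the web root.

```php
<?php
// Added example: constructed data; table, column and function names are hypothetical.

// Map a numeric download ID to its masked file on disk, or return null.
function resolve_download(PDO $db, $id, $baseDir) {
    if (!is_string($id) || !ctype_digit($id)) {
        return null; // only plain digits are accepted as an ID
    }
    $stmt = $db->prepare('SELECT stored_name, public_name FROM downloads WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $base = realpath($baseDir);
    if ($row === false || $base === false) {
        return null; // unknown ID, or the download folder is missing
    }
    // realpath() resolves ".." and symlinks, so a bad row cannot point outside $base
    $path = realpath($base . DIRECTORY_SEPARATOR . $row['stored_name']);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return ['path' => $path, 'name' => $row['public_name']];
}

// Constructed demo data: a temp folder stands in for a download folder outside the web root.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'downloads-demo';
if (!is_dir($baseDir)) {
    mkdir($baseDir);
}
$stored = md5('thefile-5.zip') . '.zip'; // masked on-disk name
file_put_contents($baseDir . DIRECTORY_SEPARATOR . $stored, 'demo contents');

$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (id INTEGER PRIMARY KEY, stored_name TEXT, public_name TEXT)');
$db->prepare('INSERT INTO downloads VALUES (?, ?, ?)')->execute([5, $stored, 'downloaded-5.zip']);

// In download.php the ID would come from $_GET['file']; here it is hard-coded.
foreach (['5', '6', 'abc'] as $requested) {
    $hit = resolve_download($db, $requested, $baseDir);
    if ($hit !== null) {
        echo $requested, ' => ', $hit['name'], ' served from ', basename($hit['path']), "\n";
    } else {
        echo $requested, ' => Error: File not found!', "\n";
    }
}
```

In a real download.php, send the Content-Type and Content-Disposition headers and call readfile() on the returned path only when the lookup does not return null.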

I hope you learned something by reading this..

Thanks for reading!
