Pages

Thursday, October 11, 2012

Simple and Secure PHP Download Script with Limits Tutorial


Below is the important preparation you need to do:
1. Create a folder in your web server that contains the content to be downloaded (e.g ebookdownloads).
2. Change the file permission of the directory to 755.
3. Upload the content for downloading to that folder (e.g. ebook.pdf).
4. This folder will not be publicly visible during the downloading process, so your user will not have an obvious idea as to where the files are saved. Even if they managed to learn the path, any direct downloading will be denied by the server (details below).
5. Upload .htaccess inside this protected folder containing the content for downloading. The htaccess should force downloading of the content type (for example, if it is a PDF file) as well as prevent direct file downloading and any forms of hot linking. Below is the content of the .htaccess:
<Files thisisyourprotectedfile.pdf>
  order deny,allow
  deny from all
</Files>
<Files *.pdf>
  ForceType application/octet-stream
  Header set Content-Disposition attachment
</Files>
6. The recommended file permission for .htaccess and the file for downloading is 644.
7. On the page where you need to present the download link, you can use this code below:
<a rel="nofollow" href="http://www.yourdomain.com/download.php">Download this Content</a>
Let's name our download script "download.php." It needs to be uploaded to the root directory of your website. Aside from using the anchor text "Download this content," you can also use a download button/image link to make it look attractive and prominent to the user.
8. On the download page where you are presenting the download link to the user, you need to place the session key script at the top most part of the page. The page where you will need to show the download link should execute a PHP script or have a .php extension.
<?php
session_start();
$key= 'This is your example key, please change this.';
$_SESSION['key'] = md5($key);
?>
Since this is a PHP script, the download page should support PHP and not be a pure HTML page.


source: http://www.devshed.com/c/a/PHP/Simple-and-Secure-PHP-Download-Script-with-Limits-Tutorial/
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)