Hide download link

Asked

Viewed 240 times

0

I am with a difficulty, I made a system that releases file download for each specific user, this verification is done by the logged user code and filters month and year that the user fills, so necessarily the person has to be logged in to generate this link, but once the person downloads anyone can using this link download the file again and that’s what I didn’t want, I’d like that link to be hidden, there’s some way to do it?

<?php
$pasta = '/arquivos';
$arquivos = "$user->cod_func".'  '.utf8_decode($_POST['select_mes']).' de '.$_POST['select_ano'].'.pdf';
$filename = 'arquivos/'.$arquivos;

if (file_exists($filename)) {
?>  
Download do Arquivo: <a href="?action=download&file=<?php echo base64_encode("$pasta/$arquivos"); ?>"><?php echo $_POST['select_mes'].' '.$_POST['select_ano']; ?></a>
<br>
Vizualizar: <a href="?action=embed&file=<?php echo base64_encode("$pasta/$arquivos"); ?>"><?php echo $_POST['select_mes'].' '.$_POST['select_ano']; ?></a>
<br>

<?php
} else {
echo "Não existe holerith no mês selecionado";
}
?>
  • You can do the same validation on the download page, only releasing the download case all right. And it would be good not to pass the file path, use some code to identify.

  • Exactly what I want to mask this address at the time of downloading, the user validation is done by joomla ai in PHP I only get the session, but even validating it around only restricts if I access php direct if I access the generated link it still downloads the file

1 answer

0

Two alternatives:

The first and easiest is when entering this page where you have the download link, you save in the session the file that will be downloaded. The link no longer needs this parameter, it can only be /download. In this /download, for example, you check if there is any file in the session and if there is, you send this file that even you do in the current link, but this prevents it to open two pages like this.

The other alternative is for you to create a table with a randomly generated key (primary key), user oid, and downloadable file. When entering this page you create this record and the url, instead of passing the file parameter, you can pass the key and there on the other page search the file by key in the database and return the file to download.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.