|
|
Posted by Iain Napier on 12/17/05 03:36
I'm in the middle of developing a website with a downloads section.
It's a wad of educational software for an LEA which for obvious reasons
needs password protecting. Users have to authenticate before being
allowed to search and getting a link to the download.
Don't want the users to get at the files without logging in first, so I
created a script (filedownload.php) that adds the filename to the URL
query string (e.g., filedownload.php?file=file1.zip)
filedownload.php then simply prepends the full name of where the files live:
header("Location: http://www.xyz.com/fileslivehere/file1.zip");
I thought this would do the job so the user wouldn't get to see the full
URL on screen, but I've just realised it appears in the browser history
(At least in IE, haven't checked Mozilla or others.)
I don't have shell access to the web server so this must be PHP only, or
achievable with shell commands executed via PHP. I was thinking about
copying a 'master' file to a temporary random file name but most of the
files are 200-300 meg so I'd like to avoid this, then there's the
problem of knowing if the file has downloaded okay to delete the
temporary file[1].
I'd say this isn't a new problem! How have others achieved the same
thing on their sites?
Navigation:
[Reply to this message]
|