"Wes" <sa************@hotmail.com> wrote in message
news:3f***********************@nnrp.fuse.net...
I am trying to secure different files, mostly pdf, so only the person
suppose to see the file that was designed for that individual can see it.
I am using sessions to secure the actual web pages, but now I am trying to
secure non-php files. Here is where I need some help/clarification.
I would just like to add, if your dir is like this
/home/domain/www
i would do this (it is just cleaner)
/home/domain/www
/home/domain/securefiles
and have the script read files from "../securefiles/$filename";
now this doesnt mean they are secure becouse if your show a link to get it
they just save the link, so here is some code with a link time-out
$file = "myfile.pdf"; // file to download
$timelimit = 30; // 30 seconds
// this is so nobody figures out the timeout string
$secretkey = "make up some secret key here";
$timeout = base64_encode(gzcompress(md5($secretkey)."|".time( ) +
$timelimit));
$link = "<A HREF='download.php?f=$file&t=$timeout'>Download Now</A>";
print $link;
----------------
now here is the exact download.php script
<?
$filename = $_GET'['f'];
$timeout = $_GET['t'];
// HAS TO BE EXACLY THE SAME AS ABOVE CODE!
$secretkey = "make up some secret key here";
// place to send them if expired or invalid key
$errorpage = "http://www.domain.com/dl-error.html";
$timeout = gzuncomress(base64_decode($timeout));
list($key,$expire) = explode("|",$timeout);
// if the keys dont match, send them to a page that explains
if (md5($secretkey) != $key)
header("Location: ?f=$filename");
// if expired, send them to a page that exmplains that
if (time() > $expire)
header("Location: http://www.domain.com/exipired.php?f=$filename");
now lets send the file out
header("Content-type: application/pdf");
header("Content-disposition: filename: $filename");
header("Filename: $filename");
header("Content-length: ".filesize("../securefiles/$filename"));
readfile("../securefiles/$filename");
exit(); // to ensure no more bytes sent
?>
--
Mike Bradley
http://gzen.myhq.info -- free online php tools