Case study:
We would like to provide pdf files to be downloaded by visitors, but the file location is hidden. Visitors can download file with URL given only. Programming language used is PHP.
Analysis:
We could make a link directly to the file location. Example:
<a href="myebook.pdf">Download MyEbook</a>
What happen if the link above clicked? It depends to the visitors’ browser. If the plugin to read pdf is installed, then browser will open that file inside browser. But, how if there’s no pdf reader plugin? Then a save file dialog box appear. We could save that file.
A problem is done if the visitors don’t have pdf reader plugin. But what about the visitors who have it? Of course the problem is not solved. Another problem is the visitors know the file location, so it allows the visitors to download the file directly (download it directly by typing/copy paste the URL in the browser, without clicking from link given).
Solution:
We need a bit code (PHP) to solve this problem.
The code to avoid direct download is shown below:
-
-
switch($task) {
-
case 'download':
-
// file location
-
$file_path = 'dl/myebook.pdf';
-
-
// function to get file name without path
-
$file_name = basename($file_path);
-
-
// get file size
-
$fsize = filesize($file_path);
-
-
// set headers
-
header("Pragma: public");
-
header("Expires: 0");
-
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
-
header("Cache-Control: public");
-
header("Content-Description: File Transfer");
-
header("Content-Type: application/pdf");
-
header('Content-Disposition: attachment; filename="' . $file_name . '"');
-
header("Content-Transfer-Encoding: binary");
-
header("Content-Length: " . $fsize);
-
-
// start downloading from here
-
$file = @fopen($file_path,"rb");
-
if ($file) {
-
while(!feof($file)) {
-
print(fread($file, 1024*8));
-
flush();
-
if (connection_status()!=0) {
-
@fclose($file);
-
die();
-
}
-
}
-
@fclose($file);
-
}
-
-
break;
-
default:
-
echo '<a href="dlfile.php?task=download">Download MyEbook</a>';
-
break;
-
}
You need to concern to this line:
header('Content-Disposition: attachment; filename="myebook.pdf"');
This line forces browser to show save dialog box for “myebook.pdf” although there’s pdf reader plugin in the browser.
To change file type (exe or zip), we need to change Content-Type only. Here are the lists:
// archives application/zip
// documents application/pdf application/msword application/vnd.ms-excel application/vnd.ms-powerpoint // executables application/octet-stream
// images image/gif image/png image/jpeg
// audio audio/mpeg audio/x-wav
// video video/mpeg video/quicktime video/x-msvideo
File starts downloading from the line after this line:
// start downloading from here
There’s a question. Why do we need to avoid direct download? The purpose is to check how many times a file has been downloaded. If the visitors are allowed to download files directly, I’m sure it will be difficult to know how many times a file is downloaded. If you don’t need to check how many times the visitors download your files, you could use both direct download or indirect download.
Related posts: