How to protect file url with PHP?

**khan** · 20.12.11, 06:27

can you be more specific with example? its too complicated to understand. do u want to protect ur files from direct download? or u wanna hide ur files url with another.. in first case you can use hotlink protection and in second case you can use mod_rewrite on .htaccess.

**GumSlone** · 20.12.11, 12:27

Originally posted by yoblooc295 View Post

can anyone help me?

i want to protect my file's url with PHP but i don't know how to do that
can u share php code to do that?
i'm vietnamese,so my english not good

PHP Code:


$file_url = 'http://some_site.com/pathe/file.jpg';
$contents = file_get_contents($file_url);
echo $contents;

you will also need to send correct headers.

if the file is located on your site i would recommend to use

PHP Code:


echo readfile($file_path);

or you can also use rewrite rules in you htaccess

**razzbee** · 21.12.11, 09:35

Gumslone's question is right... the best way is to put the file out side the folder where it can be executed eg. public_html ,using the correct headers,use echo readfile($file_path); as Gumslone said....

**timo** · 23.12.11, 03:29

gumslone right you can protect your files using fread with correct header type to make it downloadable

**just_m3.** · 10.01.12, 11:12

Originally posted by GumSlone View Post

PHP Code:


$file_url = 'http://some_site.com/pathe/file.jpg';

$contents = file_get_contents($file_url);

echo $contents;

you will also need to send correct headers.

if the file is located on your site i would recommend to use

PHP Code:


echo readfile($file_path);

or you can also use rewrite rules in you htaccess

Something else to mention :p don't use $_GET['file']; in a

PHP Code:


echo readfile($file_path);

function because someone else can download your site files // via modified url ..

for example if someone requests connectdb.php via your link like download.php?file=connectdb.php it will download your file .. now depends on the header you use to save the files ..

ex:

PHP Code:


<?php

$file = 'monkey.gif';



if (file_exists($file)) {

    header('Content-Description: File Transfer');

    header('Content-Type: application/octet-stream');

    header('Content-Disposition: attachment; filename='.basename($file));

    header('Content-Transfer-Encoding: binary');

    header('Expires: 0');

    header('Cache-Control: must-revalidate');

    header('Pragma: public');

    header('Content-Length: ' . filesize($file));

    ob_clean();

    flush();

    readfile($file);

    exit;

}

?>

you could select the path from an database ..
example:

$file =mysql_query("SELECT * FROM table WHERE fileid='".$myid"'.");

readfile($file['path']);

**razzbee** · 11.01.12, 01:14

@ just_m3 its true,again if possible,U can check the ip for double request to prevent data copiers and bot copiers from wasting ur bandwith for their benefits....

How to protect file url with PHP?

How to protect file url with PHP?

Comment

Comment

Comment

Comment

Comment

Comment