How to make temporary link for a downloadable file

Question

I am making a project for a temporary download link for me to protect the file from hotlinkers...

I believe that this is possible to do so.. because we all know that many of file sharing site "don't wanna mention any"... their link for the file has expiration...

Ex.

If I download one file from their site they give a direct link to click it right? but then that link will expire right after a few hours or minutes.

How should I know that the link was expired? If I copy the same link on my download manager after one day, it can't download the same file.

I already made this possible in htaccess.

Ex.

RewriteRule .*\.(rar|ZIP)$ http://domain.com [R,NC]

if they copy the direct link in the address bar of the browser they will be redirected in http://domain.com

But then if they copy the direct link on their download manager the file will be downloaded.

What if they post the link into any other site like forum website, blog, etc., and ask the reader to copy and paste the link into their download manager, so that they can download it directly.

This is the problem I want to prevent to protect my file. I am doing this on PHP but I can't figure it out...

Your help is very much appreciated.

Answer 1

Link to something like /downloads/abb76b3acbd954a05bea357144d614b4, where abb... is a random string such as a salted hash of the current time. When you make this link for someone, store the random string in a database table. This table might look like:

+----+-------------+----------------------------------+---------------------+---------------------+
| id | filename    | token                            | created             | modified            |
+----+-------------+----------------------------------+---------------------+---------------------+
|  1 | image.jpg   | abb76b3acbd954a05bea357144d614b4 | 2012-03-26 19:36:41 | 2012-03-26 19:36:41 |
|  2 | program.exe | 19660d0f5e0ca3d42e1718de5d0a1d7e | 2012-08-29 11:07:58 | 2012-08-29 11:07:58 |
+----+-------------+----------------------------------+---------------------+---------------------+

When you get a request at /downloads/..., look up the random string and send back the correct file. If the created timestamp is too old, don't do so. Use a cronjob to clean out old table rows, or less ideally, do this every time someone makes a request to /downloads/....

Answer 2

Use some code like this

 $path="uploads/";
                  $actualfilename=$path.$filename;
                  $fakefilename="downloadfile.pdf";
                   if($typeofview=="download") {
                          @readfile($actualfilename);
                        header('Content-type: application/pdf');
                        header('Content-Disposition: attachment; filename="' . $fakefilename . '"');
                        header('Content-Transfer-Encoding: binary');
                        header('Content-Length: ' . filesize($actualfilename));
                        header('Accept-Ranges: bytes');
                        exit;

add this to your .htaccess file

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule fakefile.php(.*)$ orignalfile.php?$1 [L,QSA]