Secure file download in PHP, deny user without permission

Tags: file, php, download

I'm making a website where you can buy files for virtual points, and then download them. I don't want to let users download the files without buying them, so I have to hide them. I put all the files in a folder without permission for anyone except the host; the problem is when someone buys a file and wants to download it.

I decided to make a file getter, that will check permissions of user and then print out the file contents. My code so far:

<?php
    require_once('content/requirements.php'); //mysql connections
    secure(1); //disconnect unlogged users

    if (!isset($_GET['id'])) //if no file id provided
        die();

    $fid=mysql_real_escape_string($_GET['id']); //file id, escaped for use inside a quoted SQL string

    //the escaped value has to sit inside quotes; escaping alone does not protect an unquoted value
    $query="SELECT * FROM files WHERE user_id = ".$_SESSION['user_id']." AND file_id = '".$fid."'";

    $q=mysql_query($query);

    if (mysql_num_rows($q)!=1) //if no permission for file or multiple files returned
        die();

    $file=mysql_fetch_array($q); //matching row from files
    $sub=mysql_fetch_array(mysql_query("SELECT * FROM sub WHERE id = ".$file['file_id'])); //payment id
?>

Now when I'm sure the user is authorized to do this, the PHP script should write the file contents and send the appropriate header to let the user download it.

How do I read the file byte-by-byte and print it, and what should I write in header() to make the file downloadable (so you don't have to copy-paste its contents)?

Maybe this is not the best way to do this, but it was the best thing I thought of in a while.

Thanks for any help.

asked Nov 19 '12 12:11

noisy cat


2 Answers

From the readfile PHP doc:

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}
answered Nov 02 '22 22:11

Luca Rainone
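
The permission check from the question and the readfile() headers from this answer, combined into one download handler. This is an added example, not code from the question or from either answer; it assumes a PDO connection instead of mysql_*, and the `stored_name` column, the `$storageDir` argument and the function name are hypothetical.

```php
<?php
// Added example. Assumed (hypothetical) names: sendPurchasedFile(), the
// stored_name column, $storageDir, and a PDO handle in place of mysql_*.
function sendPurchasedFile(PDO $db, int $userId, string $fileId, string $storageDir): void
{
    // Prepared statement: the id from the URL is never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT stored_name FROM files WHERE user_id = ? AND file_id = ?'
    );
    $stmt->execute([$userId, $fileId]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    if (count($rows) !== 1) {          // not purchased, or ambiguous result
        http_response_code(403);
        exit;
    }

    // The path is built from the database row, never from the request.
    // basename() + realpath() + prefix check reject anything outside the storage dir.
    $base = realpath($storageDir);
    $path = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . basename($rows[0]));
    if ($path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        http_response_code(404);
        exit;
    }

    // Drop any buffered output so stray bytes do not corrupt the download.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    $name = str_replace('"', '', basename($path));   // keep the quoted header value well-formed
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);   // streams the file to the client; no byte-by-byte loop needed
    exit;
}

// Usage, with the session key from the question and a constructed storage path:
// session_start();
// sendPurchasedFile($pdo, (int) $_SESSION['user_id'], (string) ($_GET['id'] ?? ''), '/srv/private/files');
```

Keeping the storage directory outside the web root means the files can only be reached through this handler, so the database check is the single gate.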


There are many scripts available on Google. Below are a few links:

http://www.tutorialchip.com/php-download-file-script

http://www.webinfopedia.com/php-file-download-script.html

answered Nov 02 '22 22:11

VibhaJ