Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
268 views
in Technique[技术] by (71.8m points)

php - how to hide the actual download folder location

I want to hide the download folder location so that when the user downloads a file he cannot see the location. I think this can be done using an .htaccess file but how do I do this? Alternatively how can this be done with PHP?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

This is how I do it in PHP:

<?php
$fakeFileName= "fakeFileName.zip";
$realFileName = "realFileName.zip";

$file = "downloadFolder/".$realFileName;
$fp = fopen($file, 'rb');

header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=$fakeFileName");
header("Content-Length: " . filesize($file));
fpassthru($fp);
?>

Additionally, if you don't want anyone to have access to the file location, put a file named .htaccess into your download folder with only the contents:

deny from all

I changed the code a little. First when I say fake file name and real file name, the fake filename is the name that the downloader will download the file as, where the real filename is the name of the actual file in the download folder on your server.

Also, I check to make sure the user is logged in and is able to download the file. If he chooses to download the file, a PHP file is called in a new tab (with the download code from above), then at the end of the file I have the line:

exit;

So when he clicks on the download link, a blank page pops up in a new tab quickly, then quickly exits and the download begins.

EDIT: The download link looks something like this:

<a href="simpleDown.php?id=<?php echo $_GET['id']; ?>" target="_blank">Download!</a>

Where id is the id of the download in the database, and in the download script from above I find the entry with that id, then get its real file name and the fake file name. You can do this without the database though.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...