how to encrypt file download path

I want to allow users to download pdf file from one of my folder. Is there any 开发者_如何学Cway i can hide the download path from the user when user "mouseover" to the file download icon ?

Suggest any method using PHP or javascript.

Point the browser at a PHP script instead, passing a key that represents the filename to download. Decode the key, and send the file via the PHP script.

At some point you will have to give the browser the real URI so it can fetch the file. Trying to conceal it is pointless.

I don't believe this to be true. There's a simple way to protect the files on your server from unprivileged downloading using PHP's fpassthru. If you were to have a file called download.php, with the following contents:

<?php

/**
 * Make sure the downloads are *not* in a publically accessible path, otherwise, people
 * are still able to download the files directly.
 */
$filename = '/the/path/to/your/files/' . basename( $_GET['filename'] );

/**
 * You can do a check here, to see if the user is logged in, for example, or if 
 * the current IP address has already downloaded it, the possibilities are endless.
 */


if( file_exists( $filename ) ) {
    /** 
     * Send some headers indicating the filetype, and it's size. This works for PHP >= 5.3.
     * If you're using PHP < 5.3, you might want to consider installing the Fileinfo PECL
     * extension.
     */
    $finfo = finfo_open( FILEINFO_MIME );
    header( 'Content-Disposition: attachment; filename= ' . basename( $filename ) );
    header( 'Content-Type: ' . finfo_file( $finfo, $filename );
    header( 'Content-Length: ' . filesize( $filename ) );
    header( 'Expires: 0' );
    finfo_close( $finfo );

    /**
     * Now clear the buffer, read the file and output it to the browser.
     */
    ob_clean( );
    flush( );
    readfile( $filename );
    exit;
}

header( 'HTTP/1.1 404 Not Found' );

echo "<h1>File not found</h1>";
exit;

You can call download.php with ?filename=test.foo, and it will download /the/path/to/your/files/test.foo, which is not publicly accessible.

At some point you will have to give the browser the real URI so it can fetch the file. Trying to conceal it is pointless.

Set some sort of time limited credentials and authenticate before allowing access to the download if you want to limit who can access it.

Yes, you can use javascript to redirect the user when they click a link that leads to '#', e.g.

<a href="#">Secret File</a>

However, this is pointless since it will always be possible to trace what file is being downloaded (by using an HTTP sniffer, for example, or other tools). Essentially, what you're asking for is impossible and unreasonable.

If you need to make sure that the file is accessed only by some people, make them log in and check the credentials before giving them the data. Hiding the path is not the way to go.

Before Passing FilePath it to download_file() fucntion. Append the path to file id. Like Below.


$FilePaths='../Uploaded Files/'.$FilePath;

download_file($FilePaths);

function download_file( $fullPath )
{

  // Must be fresh start
  if( headers_sent() )
    die('Headers Sent');

  // Required for some browsers
  if(ini_get('zlib.output_compression'))
    ini_set('zlib.output_compression', 'Off');

  // File Exists?
  if( file_exists($fullPath) ){

    // Parse Info / Get Extension
    $fsize = filesize($fullPath);
    $path_parts = pathinfo($fullPath);
    $ext = strtolower($path_parts["extension"]);

    // Determine Content Type
    switch ($ext) {
      case "pdf": $ctype="application/pdf"; break;
      case "exe": $ctype="application/octet-stream"; break;
      case "zip": $ctype="application/zip"; break;
      case "doc": $ctype="application/msword"; break;
      case "xls": $ctype="application/vnd.ms-excel"; break;
      case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
      case "gif": $ctype="image/gif"; break;
      case "png": $ctype="image/png"; break;
      case "jpeg":
      case "jpg": $ctype="image/jpg"; break;
      default: $ctype="application/force-download";
    }

    header("Pragma: public"); // required
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private",false); // required for certain browsers
    header("Content-Type: $ctype");
    header("Content-Disposition: attachment; filename=\"".basename($fullPath)."\";" );
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: ".$fsize);
    ob_clean();
    flush();
    readfile( $fullPath );

  } 
  else
    die('File Not Found');

}

Like other have pointed out, at some point, you have to reveal the URL but if all you want to do is hide it from the status bar, you can do this:

<a href="http://example.org" onmouseover="window.status='Add something here.'; return true;" onmouseout="window.status=''; return true;">Description</a>