So suppose my server is located at http://www.example.com
I then put a file, file.exe, in the files directory in the server root, hence normally you can download that file by typing this into the browser:
http://www.example.com/files/file.exe
And suppose that I have a PHP script that first authenticates the user and then redirects them to that file.exe download page,
e.g. using this method:
header('Location: http://www.example.com/files/file.exe');
exit(0);
What is the best way to
1.) prevent unauthenticated users from being able to access that file by typing in that URL above, and
2.) have the PHP script still able to serve that file despite 1.), hence authenticated users should be able to download that file from that location,
supposing that I use the standard LAMP stack (I also use Zend Framework)?
0: Match your file with keys in the database, e.g. file.exe = 2fae
1: Let the user go to
http://www.example.com/download.php?key=2fae
2/3: Check if the user has the right to download that key/file.
3/2: Look up in the database, match that key with the actual file path.
4: On download.php, write.
It lets the user download file.exe without letting him see the actual URL of file.exe. It happens on download.php.
Ref: http://webdesign.about.com/od/php/ht/force_download.htm
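One way download.php could implement steps 1 to 4 above, as an added example that is not part of the original answer. The storage directory outside the document root (so /files/file.exe has no URL at all), the session key, the database credentials and the table names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumption: files are stored OUTSIDE the document root, at a canonical (non-symlink) path.
const STORAGE_DIR = '/var/www/private_files';   // hypothetical path
session_start();

// Steps 2/3: require an authenticated user (hypothetical session key set by the login script).
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Step 1: the key arrives in the query string; accept only short hex tokens such as "2fae".
$key = $_GET['key'] ?? '';
if (!is_string($key) || !preg_match('/\A[0-9a-f]{4,64}\z/', $key)) {
    http_response_code(400);
    exit('Bad request');
}

// Steps 3/2: map key -> stored file name, and check that this user may fetch it.
// Hypothetical schema: downloads(file_key, file_name), download_grants(file_key, user_id).
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'CHANGE_ME',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);   // placeholder credentials
$stmt = $pdo->prepare(
    'SELECT d.file_name FROM downloads d
       JOIN download_grants g ON g.file_key = d.file_key
      WHERE d.file_key = ? AND g.user_id = ?'
);
$stmt->execute([$key, $_SESSION['user_id']]);
$fileName = $stmt->fetchColumn();

// Resolve the path and confirm it is still inside STORAGE_DIR (guards against a bad DB row).
$path = ($fileName === false) ? false : realpath(STORAGE_DIR . '/' . basename((string) $fileName));
if ($path === false || strpos($path, STORAGE_DIR . '/') !== 0 || !is_file($path)) {
    http_response_code(404);
    exit('Not found');
}

// Step 4: stream the file from download.php; the client never learns a direct URL.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

Unknown keys and keys the user has no grant for both return 404, so the response does not reveal which keys exist.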