Is it possible to use php to do the following:

Have a page, example, download.php, and on that page have php code that checks the url like this:




if($_GET["id"] =="8394hf7fs78d56"){

some code...

}else{

some other code...

}



Now, here's the tricky part....:

- I want the php to echo a page, and on it the download information etc. plus use the header function to take them to the zip file, thus hiding its URL.

- However, you must use the header function before the other headers are sent out and that means the page cannot be displayed....?

I am kind of stuck you see.....

Is there some other code, like include(); or require(); that could run in the background using the header fucntion, after the page has been displayed...

Or even use a meta tag or javascript, BUT still somehow hide the URL?

Anyway, tell me what you think...

Well, at least you did your homework, unlike all the other New Coders who don't know what the heck PHP is.

Well yeah, I code PHP a lot, but I have not yet faced this problem....

Could you help, or know someone who could?

Anyone on this forum know how to....... Please!

We'll read the post and answer if we have the time/answer, and understand the question, so there's no need to make silly accented titles... ___###LOOK AT ME###___ is just annoying.

And.... now... to stop being distracted by the title.... I'll look at the question.

First, get over the idea of hiding URLs, protecting files, disabling right click. It's all silly.
However, let's assume you've got a reason because this specifically has a solution, though you should be very clear that there is no real way to stop this, and this solution is flawed, overall, but it will 'help', I guess.

You can't send two pages in one page. That's just... weird.

The idea of include and require is logical, but won't work. When doing so, it just, basically, inserts the code of that page into your page, so include('a.php'), where a.php is "<? php echo "hello"; ?>" is just like using 'echo "hello";' in your original code. So... roundabout, but not enough ;)
And, I think, even if you did this (which might be possible routing through a second server as a buffer, but I'd have to play with it to see), then you would still be sending a second (probably ignored) header, which will do nothing at best, or likely cause problems.

So... you need to send two pages... basically.

Two options:

1. meta tag
2. iframe

1. with the meta refresh tag, you can do this quite easily.
<meta http-equiv="refresh" content="0;url=http...file.zip">
Change the url to the file; use absolute URLs, not relative filenames, to keep to standards, though that can work too.
The 0 means how many seconds, so this, as in your case, will work best... or you could wait a bit.
Depending on the browser, then, it *should* probably just open with a save as dialogue or just save to the default location and not navigate to a new page, but some browsers like to go to a white page, at least in some cases.

2. iframe... simply output an iframe tag (or if you really wanted, a frameset), then have that iframe have the url of the file to be downloaded. set the width/height to... well... 0, I guess.


Either way, and for that matter, any way, you can't hide the url from the source code, though it won't be entirely apparent to the user.

If you wanted to create a link that could not be reaccessed, then there's a sorta complex way you could do that with PHP.

Output the file with PHP, not a direct link to the real file. Place the file (which can still be accessed by PHP) in a folder that does not allow direct http connections... basically password protected, or better yet, outside of the public_html folder, so it's just not accessible.

Then on the page that is generating the meta tag (this is the method I would recommend), then forward to a php url containing a randomized key.... or... actually, not so random.

Assuming this is immediate, you could use the combination of a password and the current time, combined with md5():
$key = md5(time().'mypass');
Then use that on the next page, which is reached via, ex: page.php?key=2923af90b19c0e4d0e

On that next page, assume that it must be recieved within a time limit, of say 10 seconds (just the request, not the loading), so....

$key = $_GET['key'];
if ($key = md5(time().'mypass') || $key = md5(time()-1.'mypass') || ... || $key = md5(time()-10.'mypass') {
output_your_file();
}
else {
echo "You must access this download page after gaining access to the file.";
}

Also, if you only use one key, anyone could obtain it and easily just type in the url and go. You may want to try an array with some random urls, then set sessions to remember/validate it. I use this method for the activation e-mail on my site.

Well, that's what I just did above. It bases it on server time and a password never given to the user then combined with md5. Not possible to hack that... or.... not probable. No one would do that much work. Heh.


The other option is, yes, random keys, in a database, if you need to go back later, or send an email link. I did forget to mention that.

Hay djr33!

Yeah, sorry then for the crazy title.

Anyway, your method with a key and time with md5() is very interesting, however can you make it will work like so...

After a transaction php directs to a page:

http://www.****.com/download1.php?id=**********

and that page checks the id by a




if($_GET['id'] =="**********"){

some code, see below

}else{

}



Now can I place your md5(time and key) were it says "some code, see below" so that the next page, through a php header direct will the check the md5 hash, if it has been less that 40 seconds then it uses a meta refresh to download the file, but if the the hash has been there for more that 40 secs, the page directs or echos "Ahh you failed!" or something :)


============================================================

I have tried the code you supplied me with However, it does not seem to work... I am hosting with godaddy, does this matter?

============================================================

Thanks a heep!

There is another way to hide the file name. In a php script, you can use the copy function to copy the file you want to be hidden to a different name located in the same directory as your phpscript, then delete the file after it's downloaded. The copy function is this:
if (!copy($hiddenFile, $tempFile)) {
echo "failed to copy $tempFile...\n";
}
else {
echo..........
}Now, you probably want to use a security framework, something similar (or identical) to what's used for secure text downloads. (I've used it for archived files) The code for doing that can be found here: http://www.higherpass.com/php/tutorials/File-Download-Security/1/Later, after the download, you can delete the $tempFile using unlink($tempFile); in a script run from the same directory as the $tempFile file.