Software, your way.
burger menu icon
WillMaster

WillMaster > LibrarySnooping (Information Retrieval)

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Download Hidden Files

If you make the functionality available, someone can download a file without the downloadable file's location being revealed to them.

The hidden downloadable file may be anywhere in a public or protected directory of your domain. Alternatively, the downloadable file may be at another domain URL that has public HTTP or HTTPS access.

The DownloadFetch.php software is a PHP script. When it is installed, tapping a link to it with a code appended downloads the file. Example link URL:

https://example.com/DownloadFetch.php?abcxyz

The download code abcxyz would be listed in the source code of DownloadFetch.php, along with the location of the downloadable file to download.

If the DownloadFetch.php download link is shared without your permission, the code in the script can be changed or removed altogether.

This system can be used for distributing files in a limited fashion.

  • One-off documents.
  • Manually-handled electronic download sales.
  • Limited-time offers.
  • Files too large to attach to an email.

As noted, within the DownloadFetch.php script, you specify a download code and the location of the downloadable file. You may specify any number of codes. Also as noted, the downloadable file associated with a download code can be located on your server or at a URL of another domain.

When a browser arrives at DownloadFetch.php with a valid download code appended, the file associated with that code is downloaded.

Download Demonstrations

Two live download links are provided as demonstrations. To use them, you may tap the links directly or copy the link URLs and past them into a separate tab of your browser.

This first link, with download code abc123, downloads the Willmaster logo from this domain, the domain where DownloadFetch.php is installed:

https://www.willmaster.com/possibilities/demo/DownloadFetch.php?abc123

This second link, with download code 987zyx, downloads the Amish Recipes: Step-by-Step; How to Make Truffle Candy PDF from the WillBontrager.com domain:

https://www.willmaster.com/possibilities/demo/DownloadFetch.php?987zyx

Let's install the software.

Source Code

Here is the source code for DownloadFetch.php. Customization notes follow.

<?php
/*
Download Fetch
Version 1.0
August 18, 2022
Will Bontrager Software LLC
https://www.willmaster.com/
*/

/*
Customization section:
   Between the lines containing the CODELOCATIONS word, specify one or more 
codes and source locations. Each code and source location need to be on one 
line, code and source separated with at least one space.
   Codes are alphanumeric characters (all letters and numbers). Codes are 
case-insensitive.
   Source locations may be either:
      • The directory path of the file for the domain where this software is 
        installed.
      • The URL of a file at another domain.
   The directory path may be in any directory of the domain's document area, 
including access-protected directories.
   The URL must be to a file at a public location.
   Here are code/source examples:
      a1b2c3 /subdirectory/file2download.txt
      9z8y7x https://example.com/subdirectory/file2download.txt
   Blank lines between code/source lines are acceptable.
*/

$codesourcelist = <<<CODELOCATIONS
abc123 /images/wmlogo_icon.gif
987zyx https://WillBontrager.com/eBookDownloads/AmishRecipesStepByStepHowToMakeTruffleCandy.pdf
CODELOCATIONS;

/* End of customization */

if( empty($_SERVER['QUERY_STRING']) ) { echo 'Inappropriate access.'; exit; }
$code = strtolower(trim(urldecode($_SERVER['QUERY_STRING'])));
$source = false;
foreach( preg_split('/[\r\n]+/',trim($codesourcelist)) as $line )
{
   $codeline=trim($line);
   if( ! preg_match('/\w/',$codeline) ) { continue; }
   $ta = preg_split('/\s+/',$codeline);
   if( count($ta) < 2 ) { continue; }
   $s = strtolower(array_shift($ta));
   $src = trim(implode(' ',$ta));
   $src = str_replace(' ','%20',$src);
   if( $s == $code )
   {
      $source = $src;
      break;
   }
}
if( ! $source ) { echo 'Inappropriate access.'; exit; }
if( preg_match('!^https?\://\w!',$source) )
{
   $dwnld = '';
   $options = array(
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_HEADER         => false,
      CURLOPT_CONNECTTIMEOUT => 120,
      CURLOPT_TIMEOUT        => 120,
      CURLOPT_FOLLOWLOCATION => true,
      CURLOPT_MAXREDIRS      => 10,
      CURLOPT_USERAGENT      => $_SERVER['HTTP_USER_AGENT'],
      CURLOPT_VERBOSE        => false
   );
   $info = array();
   $ch = curl_init($source);
   curl_setopt($ch, CURLOPT_URL, $source);
   foreach( $options as $k => $v ) { curl_setopt($ch, $k, $v); }
   $dwnld = curl_exec($ch);
   $err = curl_errno($ch);
   $errmsg = curl_error($ch) ;
   $info = curl_getinfo($ch);
   curl_close($ch);
   if( $info['http_code']==200 and $err<1 )
   {
      $fsize = strlen($dwnld);
      $ta = explode('/',$source);
      $f = array_pop($ta);
      $ta = array();
      header("Content-Type: application/octet-stream");
      header("Content-Disposition: attachment; filename=$f");
      header("Content-Length: $fsize");
      echo($dwnld);
   }
   else { echo 'Downloadable file not found.'; }
}
else
{
   if( strpos($source,'/')!==0 ) { $source = "/$source"; }
   $source = preg_replace('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','',$source);
   $source = $_SERVER['DOCUMENT_ROOT'] . $source;
   if( file_exists($source) )
   {
      $fsize = filesize($source);
      $ta = explode('/',$source);
      $f = array_pop($ta);
      $ta = array();
      header("Content-Type: application/octet-stream");
      header("Content-Disposition: attachment; filename=$f");
      if( $fsize > 0 ) { header("Content-Length: $fsize"); }
      readfile($source);
   }
   else { echo 'Downloadable file not found.'; }
}
exit;
?>

Customization notes —

There is one place to customize, where the download codes and downloadable files are specified.

In the above source code, you'll see this:

$codesourcelist = <<<CODELOCATIONS
abc123 /images/wmlogo_icon.gif
987zyx https://WillBontrager.com/eBookDownloads/AmishRecipesStepByStepHowToMakeTruffleCandy.pdf
CODELOCATIONS;

Download codes and their downloadable file locations are specified between the lines that contain the CODELOCATIONS tag.

Each set of code and source location needs to be on one line, code and source separated with at least one space.

If the location begins with a server location, the file is to be found on the same domain as where DownloadFetch.php is installed. The location may be in a public or protected directory, so long as it is somewhere in the domain's document area — which is the document root and any subdirectories from there.

Otherwise, the location begins with http:// or https:// and is used when the source file is at a different domain. The URL, in this case, must be to a file in a public directory. To accomplish the download, DownloadFetch.php obtains the source file from the URL and stores it in memory. Then, the file is sent to the browser as a download.

In the above PHP softare source code, you'll see these examples:

abc123 /images/wmlogo_icon.gif
987zyx https://WillBontrager.com/eBookDownloads/AmishRecipesStepByStepHowToMakeTruffleCandy.pdf

The first line lists abc123 and source file location

/images/wmlogo_icon.gif

on the same server as DownloadFetch.php. The second line lists 987zyx and source file location

https://WillBontrager.com/eBookDownloads/AmishRecipesStepByStepHowToMakeTruffleCandy.pdf

Change the download codes and downloadable file locations as appropriate for your installation.

That is all for the customizations.

Save the source code as DownloadFetch.php or other *.php file name you may prefer, upload it, and make a note of its URL.

The appropriate DownloadFetch.php link with code appended can now be made available to the person or people who you want to have access to the file being downloaded. They won't know the source file's location unless they find out some other way.

If the DownloadFetch.php download link gets shared, the code in the script can be changed or removed altogether.

(This article first appeared in Possibilities newsletter.)

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC