Hello everybody I'm new here please be friendly and don't get angry cause I'm a beginner.
To introduce you:
First I generated a pdf and save it after the user bought the file in a protected folder on my server. Than I save the path to this file with an id in my database.
Second have a php file where I show the user contents/entrys from a database like a download link for the file.
My link looks like this:
<a href="http://my-website.de/download?link=<?php echo $row["url_to_my_file"] ?>" target="_blank">Download you file</a>
When the user clicks on it he'll be redirected to my download.php where I get the url and send the user the download:
$my_file = file_get_contents($_GET['link']);
$size = strlen($my_file);
$file_name = 'My_file_name.pdf';
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Type: application/pdf');
header('Content-Length: ' . $size);
echo $my_file;
It works all fine but I have a big problem. When the user right clicks on the link he can see the path where the file is and he can download the file just like his mind (and not mine) and also when I lock the site where he can download the file because he know the download link.
No I get the idea to generate a md5 string and save it in my database when the user clicks on Download. That's my approach:
//Generate unique download key
$key = md5(uniqid(rand(), true));
//Insert into my database
$sql = "INSERT INTO download_keys (md5_key, expired, download_link)
VALUES ('$key', false, '$url')";
Seacond give the user a new link:
<a href="http://my-website.de/download?link='$key'" target="_blank">Download you file</a>
But I cant do this in my file where I show the user the files and don't know how to deal with more than one file?
This is my new download.php
$key = $_GET['key'];
$sql = "SELECT download_link FROM download_keys WHERE '$key' = md5_key AND expired = 'false'";
//Check if sql is empty or not
if (mysql_num_rows($sql)==0) {
echo "No file found or key expired!";
} else {
$link = $row["download_link"];
}
$sql = "UPDATE download_link SET expired = 'true' WHERE '$key' = md5_key";
At the end I change the expire value to true so when the user want to download the file with this link again it don't works.
Whats the right way to implement this unique file download function so that the user just see the key and not the path?
So all in all: I want to make a secret download link which the user can use only one. To download the file again he has do click the download button on the site even if he know the url
Thank you for your help! I hope you understan my problem. Thanks.
