CodeIgniter Forums

Full Version: What is the benefit of using force download
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi guys,

I was thinking to have a section to give access to users about download some files from my website.

The basic way is to put the full path as <a> or something like that.
But i want to hide the path, like when you click on the download button, find the file's id from DB and then just push to the browser to download. (in simple explain: never show the path to user ).

Is it possible? if its not please help me to have some other ways to make it.

the Purpose is to selling the files online, but if the user have the path ( my/files/file1.zip ) can guess the next is ( my/files/file2.zip ) and then they can use some download software to type file2 manually and then download, which is i wanna avoid this as much as i can.

Any idea?

Thanks for helps
You could generate a unique hash/code for each file you upload to your site (create an upload script on your site if you haven't already) and store the files in the DB with their hash.

Then display the download link as something like:

Code:
/download/SDFg39vTDp

You then have a route similar to:

Code:
download/(:any)

Which loads a controller where you can look up the file in the DB (using the hash), get the filepath (store this in the DB also) and force the output to the browser.

This will allow you to have unique, hashed download links which aren't (for the most part...) guessable or sequential. It also allows you to build in "secured" or "private" links if you wished, by adding logic to your controller to check for a password, or an active session before allowing the download.

Hope this helps!

PS: The other thing to consider is the fact that if you're selling files, someone could copy the link to the file they purchased, and then share that link anywhere they want. This is why you might want to consider building in some security around it or changing it so that when they purchase a file, it generates a one-time link which expires after a certain amount of time or a certain amount of downloads (or both).

This is probably the way to go to prevent people abusing your system.
(12-02-2015, 02:44 AM)ardavan Wrote: [ -> ]Hi guys,

I was thinking to have a section to give access to users about download some files from my website.

The basic way is to put the full path as <a> or something like that.
But i want to hide the path, like when you click on the download button, find the file's id from DB and then just push to the browser to download. (in simple explain: never show the path to user ).

Is it possible? if its not please help me to have some other ways to make it.

the Purpose is to selling the files online, but if the user have the path ( my/files/file1.zip ) can guess the next is ( my/files/file2.zip ) and then they can use some download software to type file2 manually and then download, which is i wanna avoid this as much as i can.

Any idea?

Thanks for helps


Force download tells the browser (that may have plugins to display the file) to instead download the file to the filesystem.

Example: Browsers usually have a PDF plugin, and PDFs are therefore displayed in the broswer. Force download forces the browser to instead download the file to your file system.

Since you are selling files, you will want to use a authentication system of some sort, and make sure the user is allowed to download before letting them download. Easy stuff.
Thanks JayAdra,

That's what i needed to know exactly.
Actually I'm trying to sell video files.

Yes, you're right maybe the user will copy the link and then paste it anywhere , but how its possible to only Play the video on website?
Should i use the same idea as you mentioned ?

i saw some websites like educational websites, they do this(we can only play on the website and no download or link!)
You can't hide the link, even if you will force users to watch video content online, you can always get the link using Dev Tools in your browser. The only how it might work, that you will have to generate "one-time-use" links for your videos, like let's says MD5 sum of userID+CurrentTime+UserSession or like this. Every refresh/request will generate new link. So, copying and pasting video url somewhere else will produce 404 error.
The links don't have to be one time use. In the download controller you could verify if the visitor is logged in and if he has access to that file.
(12-02-2015, 02:44 AM)ardavan Wrote: [ -> ]The basic way is to put the full path as <a> or something like that.
But i want to hide the path, like when you click on the download button, find the file's id from DB and then just push to the browser to download. (in simple explain: never show the path to user ).
Yes, CodeIgniter has a function called force_download. You must load the download helper first to use it. The user doesn't have to know the path of file. https://www.codeigniter.com/user_guide/h...elper.html I hope that helps.