Hi All,

I want to put a downloadable pdf file on my site. The file could be freely
downloaded, however, I want to force people to link not to the file but to
the page.

Any idea how to start downloads after user clicks DOWNLOAD button on my
page, but without showing a link to the file itself?

I was thinking about using something like

<?
header("Content-type: application/pdf");
$fname = 'mypdf.pdf';
$file = fopen($fname,'r');
$buf = fread ($file, filesize ($fname));
fclose($file);
echo $buf;
?>

but I am not sending filename here and I recall there are some problems
with sending filename, especially in case of IE.

Perhaps there is some way to send a file with temporary url - valid only
throughout the session?

Any other ideas?

Best,
Borek
--
http://www.chembuddy.com
http://www.bpp.com.pl

Borek <m.borkowski@delete.chembuddy.these.com.parts> wrote:

There are probably a lot of approaches that will work. Here is a
suggestion:

* Make the file virtual, and hook requests into your 404 exit. What
level of data you are willing to store temporarily on your sever
determines exact format of url used for the request. If you are
willing to store data temporarily, you can make the url a timestamp
request (microtime) and look up the associated file when the request
comes in, this is the most secure but costs (a small amount of) server
time. If you are unwilling to store temp-data on the server, you can
make the filename in the url clear, or add a timestamp then check how
long since the timestamp, or the requestor's ip plus the timestamp,
the methods of encoding go on and on.

* When a recognized request comes in, check referrer if you are
willing to drop requests from the few browsers that don't provide
referrer url, and make sure the request is from your page.

* Just echo the file and headers once you are satisfied with the
request, here is a PHP example of how to echo the file:

$text = getFileTxt($whatever_args);
$tlen = strlen($text);
header("HTTP/1.1 200 OK");
header("Content-Type: text/plain");
header("Content-Length: $tlen");
echo $text;

You'll need to change content-type to whatever the pdf mime type is.
I do not believe you need to specify filename. The above snippet has
been supplying robots.txt to everybody and his brother for some time
now, no problems I'm aware of with IE.

Doubtless there are approaches that involve nothing more than
specifying magical stuff in the .htaccess file, but I'll leave that to
the .htaccess magicians.

--
http://www.ren-prod-inc.com/hug_soft...action=contact

Borek wrote:

Check the Referer HTTP header. If Referer contains your domain name, or
is empty, allow them access to the file. Otherwise, redirect them to the
page. This could easily be done using Apache directives -- for example, in
a .htaccess file, something like:

RewriteEngine On
RewriteBase /mydir
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteRule myfile\.pdf$ mypage.html [R]

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

On Fri, 03 Mar 2006 09:09:17 +0100, Toby Inkster
<usenet200602@tobyinkster.co.uk> wrote:

Or with ISAPI_Rewrite for IIS servers, with something like:

[ISAPI_Rewrite]
RewriteCond Referer: .+
RewriteCond Referer: (?!http\://(?:[^.]+\.)?example\.com).*
RewriteRule myfile\.pdf mypage.html [I,F]

or, more generic, to exclude access from other sites directly to all sorts
of files on your server:

[ISAPI_Rewrite]
RewriteCond Referer: .+
RewriteCond Referer: (?!http\://(?:[^.]+\.)?example\.com).*
RewriteRule (.*\.(?:zip|js|txt|doc|tcl|css|pdf)) / [I,F]



--
______PretLetters:
| weblog | http://www.pretletters.net/weblog/weblog.html |
| webontwerp | http://www.pretletters.net/html/webontwerp.html |
|zweefvliegen | http://www.pretletters.net/html/vliegen.html |

Toby Inkster <usenet200602@tobyinkster.co.uk> wrote:

Aha! I knew there would be a .htaccess-wizard solution! <g>

I tend to avoid putting things in .htaccess that perhaps I could. The
rules and statements that go into .htaccess are too brief and cryptic
for my taste. It reminds me of writing a "C" if-statement, or maybe
specifying a regular expression. If I put it in actual code rather
than in .htaccess then I can actually test it and make sure it works;
if I puzzle up some cryptic lines for .htaccess then I really can't
test it very well. Maybe I'm just too stupid, or insufficiently
faithful, but I've coded more than enough "C" if-statements to realize
that hey guess what, I tend to screw them up. So I'm wondering, is
this a totally aberrant viewpoint, or are there others that share it?
If it is a disease, what is the cure? (Please don't recommend
castor-oil or an enema!)

--
http://www.ren-prod-inc.com/hug_soft...action=contact

hug wrote:

I agree with that course of action, though not necessarily for those
reasons. :-)

..htaccess is an inefficient way to add rules to Apache. httpd.conf is much
nicer.

But not everything that's possible by configuring Apache is also possible
via PHP. e.g. nice URLs a la MultiViews / mod_rewrite.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Toby Inkster <usenet200602@tobyinkster.co.uk> wrote:

Frankly I'm not sure if I have access to the .config file. I still
have much to learn.

--
http://www.ren-prod-inc.com/hug_soft...action=contact

Toby Inkster <usenet200602@tobyinkster.co.uk> wrote:

With PHP you can come close by using PATH_INFO, e.g.

http://cabosurfshop.com/photo.php/eview/3.html

--
John Experienced (web) developer: http://castleamber.com/

Textpad quick reference card (pdf): http://johnbokma.com/textpad/

John Bokma wrote:

I know, and I'm using PATH_INFO in a current project (BTW, it's also
available in CGI), but notice you still have ".php" in that URL. You need
Apache directives to rid you of that.

e.g. http://test.tobyinkster.co.uk/content/test_article/2

(which is really "content.php")

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

On Thu, 02 Mar 2006 17:31:39 +0100, Borek
<m.borkowski@delete.chembuddy.these.com.parts> wrote:

Thank's or all answers, I am still not there, but I am closer

Best,
Borek
--
http://www.chembuddy.com
http://www.ph-meter.info