Hotlink protected PHP download script

Here is a code example of a hotlink-protected PHP download script. The script lets users download an attachment file, but when a user opens the link directly (i.e. by typing the URL) or from another website, the user is redirected to your download page.

What is Hotlink?

A hotlink is a link placed on one website to open or download intellectual property (e.g. a zip file, image file or video file) from another website. Hotlinking affects your site in the following ways.

  • Pressure on bandwidth: When someone hotlinks your properties (an image file, video file, download link, etc.), the file is actually downloaded from your site. So it uses the bandwidth of your site, for which you are paying your host.
  • Reduces traffic: When your intellectual properties are available on another site, part of your web traffic will go to that site.
  • Copyright violation: It indirectly violates the copyright of your property.

Download attachment in PHP

Downloading an attachment in PHP is pretty simple. Just use the following lines of code in a separate PHP file, say download.php.

<?php
/* Actual filename = 'attachment.zip' (unknown to the viewers).
   When downloaded, it is saved as 'mydownload.zip'.
*/
$filename = 'mydownload.zip';
header('Content-Type: application/zip');
// Quote the filename so the header stays valid if the name contains spaces.
header("Content-Disposition: attachment; filename=\"$filename\"");
// Stream the file to the client without loading it into memory first.
readfile('attachment.zip');
?>

Now whenever you open this file in your browser, a download dialog box will appear asking whether you want to save the file 'mydownload.zip'.

Protect attachment file from direct access

The above script does nothing to protect the attachment file, attachment.zip, from direct access, i.e. viewers can open that file just by typing its URL. So you have to protect the attachment file from direct access. You can do it by any of the following methods.

  • You can keep your zip file in the parent folder of your public_html folder. Viewers can only access files that are inside the public_html folder or its subdirectories. So your file is safe from direct access.
  • Keep the file in a separate folder and choose a long random file name. Your viewers do not know the actual file name and hence can't open it directly. Put a blank index.html file inside that folder to prevent directory listing.
  • But the most common and widely used method to prevent unauthorized access to files is to use an htaccess file. Put the following line in an htaccess file and keep it in your download folder.
    deny from all

Now all files and folders inside your download folder will be inaccessible by typing a URL. You can only access them through the file system, i.e. by using the path of the file.

Protect your download link from Hotlinking

You can use a PHP session variable to protect the download link from hotlinking. At the top of the page(s) where you put the link to download.php, add the following lines of code.

<?php
session_start();
$_SESSION['download']='ok';
?>

After adding those lines, whenever you open those pages $_SESSION['download'] will be set to 'ok'. Now add the following lines of code at the top of the download.php file.

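<?php
session_start();
// isset() avoids an undefined-index notice when the visitor has no session flag yet.
if (!isset($_SESSION['download']) || $_SESSION['download'] !== 'ok') {
    $redirect = 'index.html'; // URL of the page where you want to redirect.
    header("Location: $redirect");
    exit;
}
?>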

From the above code you can see that if the session variable is not set, i.e. if the viewer does not come from your download page, he will be redirected to your download page. In this way you can prevent hotlinking.

Allow a few sites for Hotlinking

Sometimes it is necessary to allow a few sites to hotlink your download link, such as when you submit your download link to a popular software directory like softpedia.com, hotscripts.com, etc. So you have to add exceptions to your download page. To do this, we check the referrer before we check the session variable. Here is the entire download page code, rewritten to allow hotscripts.com to hotlink my download link.

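<?php
session_start();
// The Referer header is sent by the browser and may be absent.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// The trailing slash stops look-alike hosts such as www.hotscripts.com.example.net from matching.
$from_allowed_site = (strpos($referer, 'http://www.hotscripts.com/') === 0);
$from_download_page = isset($_SESSION['download']) && $_SESSION['download'] === 'ok';
if (!$from_allowed_site && !$from_download_page) {
    $redirect = 'index.html'; // URL of the page where you want to redirect.
    header("Location: $redirect");
    exit;
}
$filename = 'mydownload.zip';
header('Content-Type: application/zip');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('attachment.zip');
?>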
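
The same referrer exception written as an exact host allow-list, as an added example that is not part of the original article: it generalizes the single strpos() test to several sites and to both http and https. The function names and the ALLOWED_REFERER_HOSTS constant are hypothetical, and the sample Referer values are constructed.

```php
<?php
// Added example, not the original author's code.
// Hosts allowed to hotlink (the two directories named in the article).
const ALLOWED_REFERER_HOSTS = ['www.hotscripts.com', 'www.softpedia.com'];

/** Return true only when the Referer's host is exactly one of the allowed hosts. */
function referer_is_allowed(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent: typed URL, bookmark, or stripped by policy
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only web origins are meaningful here
    }
    // Compare the parsed host, not a string prefix of the whole URL.
    return in_array(strtolower($parts['host']), $allowedHosts, true);
}

/** Gate for download.php: session flag from the download page OR an allowed referrer. */
function download_is_permitted(array $session, array $server): bool
{
    $fromOwnPage = isset($session['download']) && $session['download'] === 'ok';
    $referer = isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : null;
    return $fromOwnPage || referer_is_allowed($referer, ALLOWED_REFERER_HOSTS);
}

// Constructed sample Referer values (not captured traffic).
$samples = [
    'http://www.hotscripts.com/listing/item',
    'https://WWW.HOTSCRIPTS.COM/',
    'http://www.hotscripts.com.example.net/',          // look-alike host
    'http://example.net/?u=http://www.hotscripts.com', // allowed name only in the query
    '',                                                // no Referer sent
];
foreach ($samples as $r) {
    $verdict = download_is_permitted([], ['HTTP_REFERER' => $r]) ? 'allow' : 'redirect';
    printf("%-50s %s\n", $r === '' ? '(no Referer)' : $r, $verdict);
}
```

The Referer header is supplied by the client and can be omitted or altered, so this check deters casual hotlinking rather than authenticating the request.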

RAMUI WEBBLOG
© 2010,  http://ramui.com   All rights reserved.