I have this code:
$(li.AandCattachment.a download).click(function() {
$('#down').val($(this());
location.href('path/to/file?=' + $('#down').val());
}
but i need to encrypt the url so that it will be secured and it cannot be copied by another user and see all the files by copying the url of the file and changing the url one by one..
can you help me with this?
You can place the files outside the webroot, so they are not directly available, then serve them via php. In this example i am using an associative array to map 'random' strings to the actual files, so that file names cannot simply be guessed:
//download.php
$pathmap=[
'hkd654gk'=>'../file1.jpg',
'k735hs87'=>'../file2.jpg',
'qwcv13v5'=>'../file3.jpg',
];
$securepath = isset($_GET['path'])?$_GET['path']:'';
if(!isset($pathmap[$securepath]))
die('file not found');
header('Content-Type: image/jpeg');
readfile($pathmap[$securepath]);
To access file1, url would be:
example.com/download.php?path=hkd654gk
What you want to achieve will not involve only client-side code, but server side code too..
I´m not giving you 100% solution, you will have to do some extra work(you will need a mechanism to validate the url that I cannot guess by myself without knowing how do you validate users), but this will point you the way:
Make a PHP File to handle file download this way
$crypted_url = $_GET["url_to_file_encripted_somehow"];
$file_path = get_file_path_from_crypted_url($crypted_url);
if ( $file_path === false ){
include "403.html";
die;
}
$filename = "whatever";
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=$filename.".pathinfo($file_path, PATHINFO_EXTENSION));
echo readfile($documento->link_archivo());
I may be of further help if you explain the mechanism you want to use to validate the user.
