PHP file control - how to prevent downloads and make a download counter

29.07.18 IT / PHP 34049

Managing files PHP is quite simple - for this language has a large number of possibilities in its arsenal. You may need to control file downloads in a variety of situations, for example, blocking downloads or counter of file downloads in PHP .

What is this for? For example, only registered users or users who have paid for the software, etc. can download files. In this case, it is necessary to prohibit downloading files and allow it only to those users who have fulfilled the requirement. Also, you may often need to implement a file upload counter , which will show visitors how popular a particular file is, and can also be used for monitoring purposes. In short, there are many options for what you may need to control over files in PHP .

So how can this be done? The necessary steps will be discussed below.

Prepare folder and files

First, you need to place the files for download in a separate folder, which, preferably, will be inaccessible when you type the address in the line. To do this, when creating a site, you need to place it in a subfolder of the root directory and specify this in the hosting settings so that you can create other folders in the root that are inaccessible from the browser. Or, for the folder with downloaded files, you can write instructions in .htaccess that prohibit direct access to files.

It is better, of course, to move such a folder above the root directory of the site - then no one can directly access the file through the address in the browser line. Such a folder can be named anything, for example, private-directory . When the folder is created and the files are located, you can proceed to the next step.

Address formatting

Now that direct downloading of files is prohibited , you need to decide how the URLs of the downloaded files will look like. Any addresses can be used, both with and without an extension at the end - they will still be virtual. For example, URLs might look something like this: / download / file, /download/file.jpg, or /download/files/file.jpg .

Implementation of the function of prohibiting and counting the number of file downloads

Let's write a function that controls download access. It might look like this:

  // launch the function of controlling access to a file and controlling its number of downloads, can be performed from anywhere under certain conditions
get_file ();

function get_file () {
// paths to the private directory, to the downloaded file and to the data file
$ directory_path = getcwd (). '/ private-directory';
$ file_path = $ directory_path. $ _ SERVER ['REQUEST_URI'];
$ data_path = $ directory_path. '/ data.ini';

// access control, $ is_access can be true or false, depending on the condition, implemented independently for the needs of the project
$ is_access = true;
if ($ is_access) {
// reading data on the number of downloads, storing download data in a regular file - in practice it is better to store it in a database
$ data = file_exists ($ data_path)? parse_ini_file ($ data_path): array ();
$ data [$ file_path] = isset ($ data [$ file_path])? $ data [$ file_path] + 1: 1;
$ data_ini = '';
foreach ($ data as $ key => $ value) {
$ data_ini. = $ key. ' = '. $ value.PHP_EOL;
}
file_put_contents ($ data_path, $ data_ini);

// start file download
download_file ($ file_path);
} else {
echo 'Access denied';
}
}
 

Writing a function to download a file via PHP

Finally, let's implement the download_file function itself to download the file. In its simplest form, it may look like the following, it takes one parameter as input - the path to the file:

  function download_file ($ file_path) {
// clear buffering, if enabled
if (ob_get_level ()) {
ob_end_clean ();
}

// check for file existence
if (file_exists ($ file_path)) {
// formation of headers required to download the file
header ('Content-Description: File Transfer');
header ('Content-Type: application / octet-stream');
header ('Content-Disposition: attachment; filename ='. basename ($ file_path));
header ('Expires: 0');
header ('Cache-Control: must-revalidate');
header ('Pragma: public');
header ('Content-Length:' .filesize ($ file_path));

// read the file and send it to download
readfile ($ file_path);
} else {
echo 'File not found';
}

die ();
}
 

Thus, this article covered the topic of file access control in PHP . You can easily implement blocking of file downloads or create a download counter.