Instructions are included in the comments at the top of the script. Note the variable $directory is the directory where the download files are located. If you want the script in the same directory as the files then use "./" as the directory (you must always have the slash).
In your html page, use the following structure as your download link (where name.txt is the file name to download):
Code: Select all
<a href="download.php?file=name.txt">download</a>
You can download this script as a .txt file. Remember to rename the file as a .php file.
Code: Select all
<?php
/*
This script can send an email and/or make an entry in a log file
There are two variables below - one for an email address and one for a log file
Set both vraiables to the values you want to use
If you do not want either an email or log entry, comment out the respective line
For example, if you do not want an email sent, put a // in front of the $emailAddress line - same for the $logFile line
*/
$emailAddress = "[email protected]";
$logFile = "download.log";
$directory = "downloads/"; // the relative directory that has the downloads - can be ./ for the current directory
putenv('TZ=EST5EDT'); // eastern time
// change nothing below this line
$filename = $_GET['file'];
$path = "$directory$filename";
if(file_exists($path) AND substr_count($filename,"/") == "0") {
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=$filename");
header("Content-Length: ".filesize($path));
readfile("$path");
if (isset($emailAddress)) {
$message = "File name: ".$filename."\n\n";
$message .= "Time of the download: ".date(" F d h:ia")."\n\n";
$message .= "Browser: ".$_SERVER['HTTP_USER_AGENT']."\n\n";
$message .= "Page Requested: ".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']."\n\n";
$message .= "Referer: ".$_SERVER['HTTP_REFERER']."\n\n";
$message .= "IP Address: ".$_SERVER['REMOTE_ADDR']."\n\n";
$message .= "Hostname: ".gethostbyaddr($_SERVER['REMOTE_ADDR'])."\n\n";
mail($emailAddress,"Download notification",$message,"From: Website <>");
}
if (isset($logFile)) {
$downloadLogRecord = $filename."||".$_SERVER['REMOTE_ADDR']."||".gethostbyaddr($_SERVER['REMOTE_ADDR'])."||".date('Y-m-d H:i:s')."\r\n";
@file_put_contents($logFile,$downloadLogRecord,FILE_APPEND|LOCK_EX);
}
}
?>
RewriteEngine On
RewriteRule \.(txt|zip)$ /error.gif [L]
This example will redirect any attempt to directly access any .txt or .zip file in that directory to the error image specified.
Then if you want to stop direct linking to the script as well (this will pretty much secure the download from any hot-linking), add these two lines at the top of the script:
Code: Select all
session_start();
if ($_SESSION['allowed'] != "yes") die('Inavlid download attempt');
Code: Select all
session_start();
$_SESSION['allowed'] = yes;