Geek Answers Handbook

Create a download link via ip and time

There is a direct link to download the file. users can download this link after payment, for example:

http://example.com/download/webapp.rar

But I need to create a link to ip and limited download time to prevent the peak of the file with others. I want to do this without using any databases. something like that:

http://example.com/download.php?a5fds588fgdf

or

http://example.com/download/a5fds588fgdf

Are there any tips?

+5
source share
3 answers

There is a really nice nginx module that does this.

The URL receives two parameters - Lets call them s (security) and t (timestamp). Security is a secure hash generated from a timestamp, path and salt (in your case, just add ip).

$ip = $_SERVER['REMOTE_ADDR'];
$salt = 'change me cause im not secure';
$path = '/download/webapp.rar';
$timestamp = time() + 3600; // one hour valid
$hash = md5($salt . $ip . $timestamp . $path); // order isn't important at all... just do the same when verifying
$url = "http://mysite.com{$path}?s={$hash}&t={$timestamp}"; // use this as DL url

To check:

$ip = $_SERVER['REMOTE_ADDR'];
$salt = 'change me cause im not secure';
$path = $_SERVER['REQUEST_URI'];
$hashGiven = $_GET['s'];
$timestamp = $_GET['t'];
$hash = md5($salt . $ip . $timestamp . $path);
if($hashGiven == $hash && $timestamp <= time()) {
    // serve file
} else {
    die('link expired or invalid');
}

" " - script, .

nginx:

location /download {
    rewrite ^.*$ /download.php last;
    break;
}

apache, .

, , , , , URL- (. ).

nginx: http://wiki.nginx.org/HttpSecureLinkModule

lighty: http://redmine.lighttpd.net/wiki/1/Docs:ModSecDownload

nginx: http://wiki.nginx.org/HttpSecureDownload

, - apache ... , - ...

+24

, , IP , - :

<?php
$salt = 'SALTING'; // Hash cipher
$key = new stdClass();
$key->limit = time()+3600; // 1 hour limit
$key->ip = $_SERVER['REMOTE_ADDR'];
$key->security = sha1(sha1($salt.serialize($key))); // Double sha1 for fun

$key_param = base64_encode(serialize($key));

echo sprintf('http://mysite.com/download/%s', $key_param);
?>

, 1 , ip $key- > ip.

:

<?php
$salt = 'SALTING';
$key = $_GET['key'];
$key = base64_decode($key);
$key = unserialize($key);
if($key->security != sha1(sha1($salt.serialize($key)) || $_SERVER['REMOTE_ADDR'] != $key->ip) {
    throw new Exception('Security breach. U mad bro ?');
}
?>

:) . .

, $_SESSION[$file_id] = time()+3600; ... .

+4

!

, , ​​ cache-lite: http://pear.php.net/manual/en/package.caching.cache-lite.intro.php

PHP ( )

You can cache the IP address and random key that you assign along with the expiration date (some cache libraries will also allow you to set a cache check time)

0
source

More articles:


All Articles