Hiding direct links?

[ezfilehosting.com]

Is there away for me to hide my links? ok.. I have an file management and I would like to hide location of the files. If you guys upload a text.txt
you would get http://www.ezfilehosting.com/files/text.txt , I would like to know if I can hide it and how.. Thanks for your help

 

[Electronic Punk]

You mean a kind of http://www.ezfilehosting.com/download.php?fileid=24 ?

 

[ezfilehosting.com]

yes, how would I do that? I looked around found anti-leech wasn't much help because you must place like hotlinking protection... I just want to hide my directory so no one can snoope around. anyway I can do this?

 

[albybum]

This is a stripped down form of the download script I made to control downloads on my site.

<?php
// ###############################################
// Filename: getFile.php
// Author: Albert Holtsclaw, www.albybum.net
// Email: albybum@albybum.net
// ###############################################
// Installation and use:
//    Copy this script to a text file with the .php extension
//    getFile.php for example.
//
//    Modify the example case section to fit your file information.
//    A new case will need to be created for each file.
//
//    Link to the script with the id of the file you want to download.
//    getFile.php?id=Some_ID
//    http://www.albybum.net/download/getFile.php?id=wow1.4
// ###############################################


// Functions
function showError($error)
{
             print "There has been an error. <br />";
             print "Error Code: ".$error;
	return true;
}

// ERROR Lists
// 2021 bandwidth exceeded
// 404 not found

// Set Defaults
$error="404";
$allow=false;

// Retrieve the file id from input 
$id=$_GET['id'];

	// Switch, Case block
	switch  ($id)
 	{


           // :: EXAMPLE CASE
	   // ###########  THE_ART_OF_SHADOWBLADERY  ###########
	   case "201":
                // File Mime Type
		   $type = 'video/x-ms-wmv';
		// File Name
		   $filename = 'THE_ART_OF_SHADOWBLADERY.wmv';
		// Path to file, relative to this script
		   $path = 'store/THE_ART_OF_SHADOWBLADERY.wmv';
		// Whether to allow this download, set false to stop download
                   $allow=true;
		break;	

	   // :: TODO - modify this case to fit your file information
           // :: EMPTY CASE
	   // ########### SOME FILENAME COMMENT ###########
	   case "SOME_UNIQUE_ID":
		$type = 'application/zip';
		$filename = 'SOME_FILE.zip';
		$path = 'downloads/store/SOME_FILE.zip';
                $allow=true;
		break;



	   // :: Default case if nothing matches the ID
	   // ###########  DEFAULT  ###########
	   default:	
		$error="404";
		break;

	}



// IF Allow has been set through a file case, allow download.
if ($allow==true)
{
	header("Content-Type: $type");
	header("Content-Disposition: attachment; filename=$filename");
	readfile($path);
}
else
{		
	showError($error);
}


?>

You would need to create a case and provide a unique id, the path, filename, and mime type for each download.

You could then access the file by a url formed like,
http://www.albybum.net/download/getFile.php?id=201

I store all my downloads in http://www.albybum.net/download/store

The "store" directory is locked/restricted so only my script can serve the files to users. This also allows more control of who and how many can download your script with a little extra code.

 

[albybum]

Updated script with comments.

 

[Admiral Michael]

could this easily be converted to ASP? and is there a way to hide the source line of embedded audio?

 

[LordOfLA]

yes it could (I'm looking into asp.net 2 myself).

Microsoft has a ton of resource on converting from php to asp.net

not sure about hiding a html value though..

 

[Howling Wolf]

Why don't you just put an empty index.html in the folder you want to protect ? It is simple and if somebody doesn't know the exact file name he won't be able to access it, am I wrong ?

 

[albybum]

For Apache, you can also do this:

Indexes
Sometimes, when you request a directory with no index file (index.php, default.asp etc.), you will instead see a directory listing of all the public files in the current directory. For a lot of people, this can be a nuisance and they'd rather remove the ability of users to view these directory listings. To do this, simply insert the following line in your .htaccess file:


Options -Indexes

This will remove the directory listing option for all directories in and below the one in which the .htaccess file is placed. If someone requests a directory that does not contain any index files (which would be displayed by default), then a 403 error code will be sent to the browser and either a custom error document or a standard one for your server will be displayed.

If you want to enable directory listings for some directories on your server, just create a .htaccess file in those directories and place in it the line:


Options +Indexes

This works in exactly the same way as disabling indexes, except it will enable them instead. If directory listings are already enabled, either through a .htaccess file higher up in the directory structure or in the httpd.conf file, then this setting will have no effect.

http://www.rixort.com/tutorials/apache-htaccess.php


But with a download script and a protected folder, you have true power over the path and access to your downloads.

 

[Admiral Michael]

The "store" directory is locked/restricted so only my script can serve the files to users. This also allows more control of who and how many can download your script with a little extra code.

Im interested in this, can it be down with IIS?

 

[albybum]

I only have one server with IIS and it is running and intranet invoice system with access and asp. I haven't tried, to be honest.

In theory it should work just fine. If you password protect a folder that should only apply to users connecting that need authentication. PHP [Or ASP for that matter] should have normal directory access as a local restricted user. It should be able to read and serve the file just fine.

I would have to defer that to someone who has more experience with IIS.