
WordPress - Hide Actual Download Url



WordPress can be customized in many ways. But when a user downloads a file from your blog, the link appears like this: "www.Yourwebsite.com/wp-content/uploads/2013/06/download.zip". It shows your visitors the URL where your file is located, which is a security problem for your blog. You have to hide the actual URL of your file's location.

I tried to use a method to hide the download location and allow all downloads from a URL like this: "www.yoursite.com/download/?m=d4wef4vbsdfv4334v45g6hg4rbvwq4vv.zip"

or like this: "www.yoursite.com/downloads/"

This is the most secure, because no one is going to know your file location. First, we need to create a file named "download.php" and link it to your WordPress theme file or plugin file.

Go to your admin panel, and under Pages choose Add New, then create a page named download and make sure its URL looks like the one shown above. Then add this shortcode to your download page:

[download_page]

We have to send a file name or post ID to download.php and make the file downloadable by your user. Here I will use the post ID to make the download.

Go to your download.php file and paste the following code into it.


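<?php

ob_start(); // buffer page output so the download headers can still be sent later
function download_link_page(){
    global $wpdb, $current_user, $wp_roles;
    $current_user = wp_get_current_user(); // get_currentuserinfo() is deprecated
    $upload_dir = wp_upload_dir();
    $allowed_referred = "";
    $base_dir = $upload_dir['basedir'];
    $log_downloads = true;
    $down_stat_table = $wpdb->prefix.'download_stat';

    // Optional overrides. $settings is not populated in this snippet, so the
    // defaults above apply unless you load your own settings rows into it.
    if(!empty($settings)) {
        foreach($settings as $setting) {
            if(rtrim($setting->allowed_referred) != "")
                $allowed_referred = $setting->allowed_referred;

            if(rtrim($setting->base_dir) != "")
                $base_dir = $setting->base_dir;

            if($setting->log_downloads == "0")
                $log_downloads = false;
        }
    }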

    define('ALLOWED_REFERRER', $allowed_referred);
    define('BASE_DIR',$base_dir);
    define('LOG_DOWNLOADS',$log_downloads);   
    define('LOG_FILE','downloads.log');

    // File extensions users may download, mapped to the MIME type sent for each
    $allowed_ext = array (
        'zip' => 'application/zip',
        'txt' => 'text/plain',
        'doc' => 'application/msword'
    );
    ####################################################################
    ###  DO NOT CHANGE BELOW
    ####################################################################
    // Referrer check. The Referer header is sent by the client, so this only
    // deters hotlinking from other sites; it is not an access control.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (ALLOWED_REFERRER !== '' && stripos($referer, ALLOWED_REFERRER) === false) {
        // Still accept requests referred from this site itself
        if (stripos($referer, home_url()) === false) {
            die("Internal server error. Please contact system administrator.");
        }
    }
    set_time_limit(0);
    
    if (!empty($_POST['item_number'])) {
        if (strpos($_POST['item_number'], "\0") !== FALSE) die('');
        $post_id = absint(trim($_POST['item_number'])); // post IDs are positive integers
        $fname = '';
        $args = array(
            'post_type'      => 'attachment',
            'numberposts'    => -1,
            'post_parent'    => $post_id,
            'post_mime_type' => 'application'
        );
        $attachments = get_posts( $args );
        if ( $attachments ) {
            foreach ( $attachments as $attachment ){
                $fname = get_post_meta($attachment->ID,'_wp_attached_file',true);
                // _wp_attached_file is stored relative to the uploads folder
                // (e.g. 2013/06/download.zip); keep only the file name
                $fname = basename($fname);
            }
        }
        _e("Your download starts within five seconds.");
    } else {
        _e("Sorry No File is specified to download.");
        echo '</section>';
        get_footer();
        exit(0);
    }
    // txn_id and custom are taken from the request as sent and are only
    // recorded in the statistics table; they are not verified here.
    if (!isset($_POST['txn_id']) || empty($_POST['txn_id'])) {
        $gateway = "Free Gateway";
        $txn_id = $post_id."_".$current_user->ID;
    }
    else {
        $txn_id = trim($_POST['txn_id']);
        $gateway = isset($_POST['custom']) ? trim($_POST['custom']) : '';
    }
    // Recursively search $dirname for $fname; the first match is stored in $file_path.
    // Guarded so the shortcode can run more than once per request.
    if (!function_exists('find_file')) {
        function find_file ($dirname, $fname, &$file_path) {
            $dir = opendir($dirname);
            if (!$dir) return;
            while (($file = readdir($dir)) !== false) {
                if (!empty($file_path)) break;
                if ($file == '.' || $file == '..') continue;
                if (is_dir($dirname.'/'.$file)) {
                    find_file($dirname.'/'.$file, $fname, $file_path);
                }
                else if (file_exists($dirname.'/'.$fname)) {
                    $file_path = $dirname.'/'.$fname;
                }
            }
            closedir($dir);
        } // find_file
    }
    // get full file path (including subfolders)
    $file_path = '';
    find_file(BASE_DIR, $fname, $file_path);
    if (!is_file($file_path)) die(__("File does not exist. Make sure you specified correct file name."));

    $fsize = filesize($file_path);
    $fext = strtolower(substr(strrchr($fname,"."),1));
    if (!array_key_exists($fext, $allowed_ext)) die(__("Not allowed file type."));

    if ($allowed_ext[$fext] == '') {
        $mtype = '';       
        if (function_exists('mime_content_type') && is_file($file_path) ) {
            $mtype = mime_content_type($file_path);
        }
        else if (function_exists('finfo_file') && is_file($file_path) ) {
            $finfo = finfo_open(FILEINFO_MIME); // return mime type
            $mtype = finfo_file($finfo, $file_path);
            finfo_close($finfo);  
        }
        if ($mtype == '') {
            $mtype = "application/force-download"; 
        }
    }
    else    $mtype = $allowed_ext[$fext];

    if (!isset($_GET['fc']) || empty($_GET['fc'])) {
        $asfname = $fname;
    }
    else {
        $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
        if ($asfname === '') $asfname = 'NoName';
    }
    // Record the download in the statistics table
    $date = date('Y-m-d H:i:s');
    $wpdb->insert($down_stat_table, array(
        'time'        => $date,
        'project_id'  => $post_id,
        'buyer_name'  => $current_user->user_login,
        'buyer_email' => $current_user->user_email,
        'txn_id'      => $txn_id,
        'gateway'     => $gateway,
        'ip_addr'     => $_SERVER["REMOTE_ADDR"]
    ));
    $down_count = 0; // only free downloads are counted below
    if ( $gateway == 'Free Gateway' ) {
        $down_count = (int) get_post_meta($post_id, 'down_count', true);
        $down_count = $down_count + 1;
        update_post_meta($post_id, 'down_count', $down_count);
    }
    $tot_charge = (float) get_post_meta($post_id, 'total_charges', true);
    $tot_charge = $tot_charge + $down_count * 1.25;
    update_post_meta($post_id, 'total_charges', $tot_charge);

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");
    header("Content-Type: $mtype");
    header("Content-Disposition: attachment; filename=\"$asfname\"");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . $fsize);
    ob_clean();   // discard any data in the output buffer (if possible)
    flush();      // flush headers (if possible)

    // Stream the file in 8 KB chunks and stop if the client disconnects
    $file = @fopen($file_path,"rb");
    if ($file) {
        while(!feof($file)) {
            print(fread($file, 1024*8));
            flush();
            if (connection_status()!=0) {
                @fclose($file);
                die();
            }
        }
        @fclose($file);
    }
    // log downloads
    if (!LOG_DOWNLOADS) die();

    $f = @fopen(LOG_FILE, 'a+');
    if ($f) {
        @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname."\n");
        @fclose($f);
    }
    exit; // stop here so the rest of the page is not appended to the downloaded file
}
add_shortcode( 'download_page', 'download_link_page' ); ?>


The above code can help you create a secure download and hide your actual file location. Here we need to send the post ID to create the download, so create a form like this in your loop.php or single.php:

<form method="post" action="<?php echo site_url('download'); ?>" >
<input type="hidden" name="item_number" value="<?php echo $post->ID; ?>" >
<input type="submit" value="Download" class="class-btn" name="submit"> 
</form> 

That's all it takes to create a secured download manager for your files. Leave a comment here with your views, suggestions and feedback.
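
The post opens with an opaque link of the form "/download/?m=..." while the code above takes a post ID from a form instead. As an added example (not the author's code), one way to build such links is an expiring, HMAC-signed token that the download page verifies before looking up the attachment. The function names, the key constant and the token layout are assumptions, and it is plain PHP so it runs outside WordPress.

```php
<?php
// Added example: signed, expiring tokens for links such as /download/?m=<token>.
// DOWNLOAD_TOKEN_KEY and all function names below are hypothetical.
const DOWNLOAD_TOKEN_KEY = 'replace-with-a-long-random-secret'; // placeholder secret

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true); // false on invalid input
}

// Token layout: base64url("<attachment id>.<expiry>") "." base64url(HMAC-SHA256 of that payload)
function make_download_token(int $attachment_id, int $ttl, int $now): string {
    $payload = $attachment_id . '.' . ($now + $ttl);
    $mac = hash_hmac('sha256', $payload, DOWNLOAD_TOKEN_KEY, true);
    return b64url_encode($payload) . '.' . b64url_encode($mac);
}

// Returns the attachment ID, or null if the token is malformed, altered or expired.
function verify_download_token(string $token, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $payload = b64url_decode($parts[0]);
    $mac = b64url_decode($parts[1]);
    if ($payload === false || $mac === false) return null;
    $expected = hash_hmac('sha256', $payload, DOWNLOAD_TOKEN_KEY, true);
    if (!hash_equals($expected, $mac)) return null;   // constant-time comparison
    if (!preg_match('/^(\d+)\.(\d+)$/', $payload, $m)) return null;
    if ((int) $m[2] < $now) return null;              // link lifetime is over
    return (int) $m[1];
}

// Constructed sample run: attachment 42, link valid for five minutes.
$now   = 1700000000;
$token = make_download_token(42, 300, $now);
var_dump(verify_download_token($token, $now + 60));   // checked inside the lifetime
var_dump(verify_download_token($token, $now + 600));  // checked after expiry

// Re-sign check: a payload changed to another ID, reusing the old signature.
$parts  = explode('.', $token);
$forged = b64url_encode('43.' . ($now + 300)) . '.' . $parts[1];
var_dump(verify_download_token($forged, $now + 60));
```

The download handler would call verify_download_token() on `$_GET['m']` and pass the returned ID to the attachment lookup, so the link carries neither the upload path nor a value a visitor can edit.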

4 Responses to “WordPress - Hide Actual Download Url”

Unknown said...
23 December 2014 at 07:57

Thanks very much for providing excellent details here... I like your web page. Thanks very much and keep creating. I'm getting excited about your new content.

Wordpress Development Bangalore | Joomla Developers Bangalore


Unknown said...
14 April 2016 at 02:35

Awesome post, really interesting. Nice idea to protect our wordpress files from spammers. Looking forward for some more....
ecommerce development company


Unknown said...
1 July 2016 at 04:18

How to link download.php to a WordPress theme?
I saved download.php in the files directory of the WP theme and used the following code in the header:
/files/download.php
to call it, but the site did not load.


Unknown said...
14 July 2017 at 18:05

It has a lot of hooks to modify the look of the theme. If you directly modify the Genesis code, then all the changes will be lost when a newer version of Genesis comes out, or you will never update, which is not a good idea. wordpress themes

