Re: using POST data for a readfile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrés G. Montañez wrote:
You should use some JavaScript.
Try something like this:

<form name="downloads" medoth="post" action="callFile.php">
<input type="hidden" value="test.pdf">
<a href="#" onclick="document.downloads.submit();" target="_blank">
</form>


Actually, that href will fail if the site in question uses a <base> tag. And you left out the anchor content and </a>. A safer version would be...
<a href="javascript:document.downloads.submit();" target="_blank">download test.pdf</a>


If you have a limited number of files or a database you could store the data in, a more secure method from URL tampering (which would let you stick with the get method if you like) would be to store the filename, md5sum, and optionally some recordID in a database and have the readfile script pull the filename from there. If it's just a few files that won't change often, you could store them in an associative array.

Not only would people have to get the right record ID to retrieve a file, they'd have to get the md5sum of the file as well.

If you want to block freeloaders linking directly to a file off your site, do an md5sum of the date as well and verify it at the posted script. Then freeloader links won't be good for more than 24 hours (as long as they don't figure out your method). Give that variable a name that doesn't make the data source obvious like sourcecheck or something.

--
D. Wokan

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux