[ACCEPTED]-Create temporary file and auto removed-temporary-files

Accepted answer
Score: 13

PHP has a function for that name tmpfile. It creates 16 a temporary file and returns a resource. The 15 resource can be used like any other resource.

E.g. the 14 example from the manual:

<?php
$temp = tmpfile();
fwrite($temp, "writing to tempfile");
fseek($temp, 0);
echo fread($temp, 1024);
fclose($temp); // this removes the file
?>

The file is automatically 13 removed when closed (using fclose()), or 12 when the script ends. You can use any file 11 functions on the resource. You can find 10 these here. Hope this will help you?

Another 9 solution would be to create the file in 8 the regular way and use a cronjob to regular 7 check if a session is expired. The expiration 6 date and other session data could be stored 5 in a database. Use the script to query that 4 data and determine if a session is expired. If 3 so, remove it physically from the disk. Make 2 sure to run the script once an hour or so 1 (depending on your timeout).

Score: 10

So we have one or more files available for 13 download. Creating a temporary file for 12 each download requests is not a good idea. Creating 11 a symlink() for each file instead is a much better 10 idea. This will save loads of disk space 9 and keep down the server load.

Naming the 8 symlink after the user's session is a decent 7 idea. A better idea is to generate a random 6 symlink name & associate with the session, so 5 the script can handle multiple downloads 4 per session. You can use session_set_save_handler() (link) and register 3 a custom read function that checks for expired 2 sessions and removes symlinks when the session 1 has expired.

Score: 3

Could you explain your problem a bit more 3 deeply? Because I don't see a reason why 2 not to use $_SESSION. The data in $_SESSION is stored server-side 1 in a file (see http://php.net/session.save-path) BTW. At least by default. ;-)

Score: 3

Ok, so we have the following requirements 11 so far

  1. Let the user download in his/her session only
  2. no copy & paste the link to somebody else
  3. Users have to download from the site, e.g. no hotlinking
  4. Control speed

Let's see. This is not working code, but it should 10 work along these lines:

<?php // download.php

session_start(); // start or resume a session

// always sanitize user input
$fileId  = filter_input(INPUT_GET, 'fileId', FILTER_SANITIZE_NUMBER_INT);
$token   = filter_input(INPUT_GET, 'token', FILTER_UNSAFE_RAW);
$referer = filter_input(INPUT_SERVER, 'HTTP_REFERER', FILTER_SANITIZE_URL);
$script  = filter_input(INPUT_SERVER, 'SCRIPT_NAME', FILTER_SANITIZE_URL);

// mush session_id and fileId into an access token
$secret        = 'i can haz salt?';
$expectedToken = md5($secret . session_id() . $fileId);

// check if request came from download.php and has the valid access token
if(($expectedToken === $token) && ($referer === $script)) {
   $file = realpath('path/to/files/' . $fileId . '.zip');
   if(is_readable($file)) {
        session_destroy(); // optional
        header(/* stuff */);
        fpassthru($file);
        exit;
    }
}
// if no file was sent, send the page with the download link.
?>
<html ...

<?php printf('a href="/download.php?fileId=%s&amp;token=%s', 
              $fileId, $expectedToken); ?>

...
</html>

And that's it. No 9 database required. This should cover requirements 8 1-3. You cannot control speed with PHP, but 7 if you dont destroy the session after sending 6 a file you could write a counter to the 5 session and limit the number of files the 4 user will be sent during a session.

I wholeheartedly 3 agree that this could be solved much more 2 elegantly than with this monkeyform hack, but 1 as proof-of-concept, it should be sufficient.

Score: 2

I'd suggest you not to copy the file in 18 the first place. I'd do the following: when 17 user requests the file, you generate a random 16 unique string to give him the link this 15 way: dl.php?k=hd8DcjCjdCkk123 then put this string to a database, storing 14 his IP address, maybe session and the time 13 you've generated the link. Then another 12 user request that file, make sure all the 11 stuff (hash, ip and so on) matches and the 10 link is not expired (e.g. not more that 9 N hours have passed since the generation) and 8 if everything is OK, use PHP to pipe the 7 file. Set a cron job to look through the 6 DB and remove the expired entries. What 5 do you think?

tmpfile

Creates a temporary file with 4 a unique name in read-write (w+) mode 3 and returns a file handle. The file is automatically 2 removed when closed (using fclose()), or 1 when the script ends.

Score: 0

Maybe it's to late for answering but I'm 8 try to share on feature googlize!

if you 7 use CPanel there is a short and quick way 6 for blocking external request on your 5 hosted files which name is: HotLink.

you can Enable 4 HotLinks on you Cpanel and be sure nobody 3 can has request o your file from another 2 hosting or use your files as a download 1 reference.

Score: 0

To acheive this, I would make one file and 19 protect it using chmod - making it unavailable 18 to the public. Or, alternatively, save the 17 contents in a database table row, fetch 16 it whenever required.

Making it downloadable 15 as a file. To do so, I would get the contents 14 from the protected file, or if it is stored 13 in a database table, fetch it and simply 12 output it. Using php headers, I would, give 11 it a desired name, extension, specify it's 10 type, and finally force the browser to download 9 the output as a solid file.

This way, you 8 only need to save data in one place either, in 7 a protected file or in database. Force client 6 browser to download it as many times as 5 the the conditions meet e.g., as long as 4 the user is logged-in and so on. Without 3 having to worry about the disk space, making 2 any temp file, cronJobs and or auto-deletion 1 of the file.

More Related questions