Example : Your link is :
http://www.somesitehere.com/image.jpg
with this code the link will look like :
http://www.somesitehere.com/getfile.php?file=image.jpg
u can even make catgoreys , and the link will look like
Download
Make sure to edit the code Below to Put down the Name of the Directory will Include ur files that u need to hide thier location , Better way to move your files outside the root of ur site and link to them useing this code .
I have no idea who wrote this Code , Just found it in Google , . I just Modifided it with help of zelfase to fix some bug .
Save the file as getfile.php and edit line 3 if needed.
<?php // Usage: Download // Path to downloadable files (will not be revealed to users so they will never know your file's real address) $hiddenPath = "secretfiles/"; // VARIABLES if (!empty($_GET['file'])){ $file = str_replace('%20', ' ', $_GET['file']); $category = (!empty($_GET['category'])) ? $_GET['category'] . '/' : ''; } $file_real = $hiddenPath . $category . $file; $ip = $_SERVER['REMOTE_ADDR']; // Check to see if the download script was called if (basename($_SERVER['PHP_SELF']) == 'download.php'){ if ($_SERVER['QUERY_STRING'] != null){ // HACK ATTEMPT CHECK // Make sure the request isn't escaping to another directory //if (substr($file, 0, 1) == '.' ¦¦ strpos($file, '..') > 0 ¦¦ substr($file, 0, 1) == '/' ¦¦ strpos($file, '/') > 0) { if ((substr($file, 0, 1) == '.') || (strpos($file, '..') > 0) || (substr($file, 0, 1) == '/') || (strpos($file, '/') > 0)) { // Display hack attempt error echo("Hack attempt detected!"); die(); } // If requested file exists if (file_exists($file_real)){ // Get extension of requested file $extension = strtolower(substr(strrchr($file, "."), 1)); // Determine correct MIME type switch($extension){ case "png": $type = "video/x-ms-asf"; break; case "avi": $type = "video/x-msvideo"; break; case "jpg": $type = "application/octet-stream"; break; case "jpeg": $type = "video/quicktime"; break; case "mp3": $type = "audio/mpeg"; break; case "mpg": $type = "video/mpeg"; break; case "gif": $type = "video/mpeg"; break; case "rar": $type = "encoding/x-compress"; break; case "txt": $type = "text/plain"; break; case "wav": $type = "audio/wav"; break; case "pdf": $type = "text/plain"; break; case "doc": $type = "audio/wav"; break; case "jpeg": $type = "text/plain"; break; case "bmp": $type = "audio/wav"; break; case "wma": $type = "audio/x-ms-wma"; break; case "wmv": $type = "video/x-ms-wmv"; break; case "zip": $type = "application/x-zip-compressed"; break; default: $type = "application/force-download"; break; } // Fix IE bug [0] $header_file = (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? preg_replace('/\./', '%2e', $file, substr_count($file, '.') - 1) : $file; // Prepare headers header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public", false); header("Content-Description: File Transfer"); header("Content-Type: " . $type); header("Accept-Ranges: bytes"); header("Content-Disposition: attachment; filename=\"" . $header_file . "\";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . filesize($file_real)); // Send file for download if ($stream = fopen($file_real, 'rb')){ while(!feof($stream) && connection_status() == 0){ //reset time limit for big files set_time_limit(0); print(fread($stream,1024*8)); flush(); } fclose($stream); } }else{ // Requested file does not exist (File not found) echo("Requested file does not exist"); die(); } } } ?>
PHP: Hide the Real File URL and Provide Download via a PHP Script
There are times when you need to store a file (such as one that you sell for profit) outside of the document root of your domain and let the buyers download it via a PHP script so as to hide the real path, web address or URL to that file. Use of this approach enables you to:
Check for permissions first before rendering the file download thus protecting it from being downloaded by unprivileged visitors.
Store the file outside of the web document directory of that domain – a good practice in web security in protecting sensitive and important data.
Count the number of downloads and collect other useful download statistics.
…
Now the actual tip. Given that you have put the file to be downloaded via the PHP script in place at /home/someuser/products/data.tar.gz, write a PHP file with the following content in it and put it in the web document directory where your site visitors can access:
<?php
$path = '/home/someuser/products/data.tar.gz'; // the file made available for download via this PHP file
$mm_type="application/octet-stream"; // modify accordingly to the file type of $path, but in most cases no need to do so
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($path)) );
header('Content-Disposition: attachment; filename="'.basename($path).'"');
header("Content-Transfer-Encoding: binary\n");
readfile($path); // outputs the content of the file
exit();
REFERENCES
http://www.codingforums.com/showthread.php?t=185272
http://www.kavoir.com/2009/05/php-hide-the-real-file-url-and-provide-download-via-a-php-script.html
http://stackoverflow.com/questions/6647165/hide-download-file-location-redirect-download
