If you want to sell digital goods on the website, then a temporary download link is a very convenient source. Because it offers you a secure way to share the download link of digital products. Also, the user permits downloading the file only for a single time; after the download, the link is expired or deleted. Therefore, the single time download link is perfect for giving a digital product (code, music, video, etc.) to an only person and remove the link once you download your product.
There is no need to manually monitor the download activity to change the download link with the single-use download link. In its place, the download link will expire immediately after the first download. In this tutorial, we will explain to you how to create a one-time download link in PHP and implement the temporary download URL feature on the web application using PHP.
The example code permits you to make a unique link to download the file from the server. This link will give access to the user to download one time. Also, the link contains a time limit, and it will expire automatically after the specified expiry date.
For instance, you want to sell an eBook on your website. You will sell the eBook on your site for $5 so, you could use our script to access that user to download the respective eBook only one-time. The download link will give them a limited number of seconds/minutes/hours/days/week/years to claim their download.
The following process will be followed to implement the temporary download link functionality in PHP.
- Create a download link.
- Make a protected directory to store keys.
- Create a file and write a unique key to it.
- On download request, token key, and expiration time is validated.
- Force the browser to download the file.
SEE ALSO: Verify Email Address and Check if Email is Real using PHP
Configurations (config.php)
Let’s discuss the configuration variables with the given file.
- $files – An array of the files with the unique ID.
- You can specify the different name of the file being downloaded. It helps to protect the original data.
- You can specify the local or remote file path.
- BASE_URL – Define the URL of the application.
- DOWNLOAD_PATH – Define the path of the file is downloading script.
- TOKEN_DIR – Set the token directory path where the keys will be stored.
- OAUTH_PASSWORD – Set the authentication password to generate a download link.
- EXPIRATION_TIME – Set a time when the file will expire.
<?php // Array of the files with an unique ID $files = array( 'UID12345' => array( 'content_type' => 'application/zip', 'suggested_name' => 'codex-file.zip', 'file_path' => 'files/test.zip', 'type' => 'local_file' ), 'UID67890' => array( 'content_type' => 'audio/mpeg', 'suggested_name' => 'music-codex.mp3', 'file_path' => 'https://www.dropbox.com/XXXXXXX/song.mp3?dl=1', 'type' => 'remote_file' ), ); // Base URL of the application define('BASE_URL','http://'. $_SERVER['HTTP_HOST'].'/'); // Path of the download.php file define('DOWNLOAD_PATH', BASE_URL.'download.php'); // Path of the token directory to store keys define('TOKEN_DIR', 'tokens'); // Authentication password to generate download links define('OAUTH_PASSWORD','ALLSWEB'); // Expiration time of the link (examples: +1 year, +1 month, +5 days, +10 hours) define('EXPIRATION_TIME', '+5 minutes');
index.php
In this file, you will see a link to navigate to the download link creation file. You need to specify the authentication password in the query string of the link.
<a href="generate.php?CODEXWORLD">Generate download link</a>
Create Temporary Download Link (generate.php)
This file will make a temporary download link and lists the links on the web page. The query string contains the authentication password. And there is a need to match with the specified in the config.php file. Otherwise, it will render a 404 error.
- Get the authentication password from the query string.
- Validate the authentication password.
- Encode the file ID with base64_encode() in PHP.
- Generate a new unique key with a timestamp using uniqid() in PHP.
- Generate download link with file ID and key.
- Create a protected directory to store keys.
- Write the key in a file and put it in the token directory.
- List all the download links on the web page.
<?php // Include the configuration file require_once 'config.php'; // Grab the password from the query string $oauthPass = trim($_SERVER['QUERY_STRING']); // Verify the oauth password if($oauthPass != OAUTH_PASSWORD){ // Return 404 error, if not a correct path header("HTTP/1.0 404 Not Found"); exit; }else{ // Create a list of links to display the download files $download_links = array(); // If the files exist if(is_array($files)){ foreach($files as $fid => $file){ // Encode the file ID $fid = base64_encode($fid); // Generate new unique key $key = uniqid(time().'-key',TRUE); // Generate download link $download_link = DOWNLOAD_PATH."?fid=$fid&key=".$key; // Add download link to the list $download_links[] = array( 'link' => $download_link ); // Create a protected directory to store keys if(!is_dir(TOKEN_DIR)) { mkdir(TOKEN_DIR); $file = fopen(TOKEN_DIR.'/.htaccess','w'); fwrite($file,"Order allow,deny\nDeny from all"); fclose($file); } // Write the key to the keys list $file = fopen(TOKEN_DIR.'/keys','a'); fwrite($file, "{$key}\n"); fclose($file); } } } ?> <!-- List all the download links --> <?php if(!empty($download_links)){ ?> <ul> <?php foreach($download_links as $download){ ?> <li><a href="<?php echo $download['link']; ?>"><?php echo $download['link']; ?></a></li> <?php } ?> </ul> <?php }else{ ?> <p>Links are not found...</p> <?php } ?>
Download File by Temporary Link (download.php)
This file downloads the file by the temporary download link.
- Acquire the file ID & key from the query string of the URL.
- Acquire the time from the key and calculate link expiration time.
- Recover the keys from the tokens file.
- When you found a match through the key, delete it.
- Put the remaining keys back into the tokens file.
- If the match found and the link is not expired, force the browser to download the file.
<?php // Include the configuration file require_once 'config.php'; // Get the file ID & key from the URL $fid = base64_decode(trim($_GET['fid'])); $key = trim($_GET['key']); // Calculate link expiration time $currentTime = time(); $keyTime = explode('-',$key); $expTime = strtotime(EXPIRATION_TIME, $keyTime[0]); // Retrieve the keys from the tokens file $keys = file(TOKEN_DIR.'/keys'); $match = false; // Loop through the keys to find a match // When the match is found, remove it foreach($keys as &$one){ if(rtrim($one)==$key){ $match = true; $one = ''; } } // Put the remaining keys back into the tokens file file_put_contents(TOKEN_DIR.'/keys',$keys); // If match found and the link is not expired if($match !== false && $currentTime <= $expTime){ // If the file is found in the file's array if(!empty($files[$fid])){ // Get the file data $contentType = $files[$fid]['content_type']; $fileName = $files[$fid]['suggested_name']; $filePath = $files[$fid]['file_path']; // Force the browser to download the file if($files[$fid]['type'] == 'remote_file'){ $file = fopen($filePath, 'r'); header("Content-Type:text/plain"); header("Content-Disposition: attachment; filename=\"{$fileName}\""); fpassthru($file); }else{ header("Content-Description: File Transfer"); header("Content-type: {$contentType}"); header("Content-Disposition: attachment; filename=\"{$fileName}\""); header("Content-Length: " . filesize($filePath)); header('Pragma: public'); header("Expires: 0"); readfile($filePath); } exit; }else{ $response = 'Download link is not valid.'; } }else{ // If the file has been downloaded already or time expired $response = 'Download link is expired.'; } ?> <html> <head> <title><?php echo $response; ?></title> </head> <body> <h1><?php echo $response; ?></h1> </body> </html>
SEE ALSO: Autocomplete Textbox with Multiple Selection using jQuery in PHP
Conclusion
Firstly, with the help of our sample script, you can sell digital goods on the website with a temporary download link. Secondly, the single time download link is perfect for giving a digital product (code, music, video, etc.) to an only person and remove the link once he/she downloads the product. At last, our example code allows you to create a unique link to download the file from the server.
Also, read our previous blog- Accessing Webcam and Capture Image using HTML5 and JavaScript