How can I redirect users when they follow a link directly to a certain file?

206
August 31, 2017, at 11:37 PM

My site uses php and htaccess.

Basically, I have a file (example.com/music.mp3) and I don't want anyone to access it directly unless they are coming from a specific page (example.com/music.php).

Also, if they try and access it directly, I want it to redirect them to the page.

Is there any way to do this? Any help will be greatly appreciated.

For clarity:

Case 1: User clicks a link to the mp3 file from an external forum and they're redirected to the php file.

Case 2: User clicks the link to the mp3 file from the appropriate page and they get to download / listen to it freely.

Answer 1

You can achieve that by using the <if> and <else> directive.

<if "%{HTTP_REFERER} == 'example.com'">
    RewriteRule ^(.*)$ http://example.com/music.mp3 [R=301,NC,L]
</if>
<else>
    RewriteRule ^(.*)$ http://example.com/music.php [R=301,NC,L]
</else>

So if the referrer is equal to example.com, then redirect to /music.mp3 - if not then redirect to /music.php.

Make sure you clear your cache before testing this.

Answer 2
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule ^music.mp3$ http://www.example.com/music.php [R,L]

If you want to allow blank referers, add this rule first:

RewriteCond %{HTTP_REFERER} !^$
Answer 3

What about having music.php to read music.mp3 and return it? Trusting HTTP_REFERER is not error-proof. Some people will have blank referer, and as soon as someone discovers that you use HTTP_REFERER to allow download, word will spread and your users will begin to use fake headers.

Something like this:

<?php
$filename = 'music.mp3';
if (isset($_SESSION['auth'])) {
    // user is authenticated
    header('Content-type: audio/mpeg');
    header('Content-length: ' . filesize($filename))
    readfile($filename);
} else {
    header('Location: login.php');
}
?>

I have a system where people have to be logged in to download some pdf reports. They receive a link pointing to a php file. The PHP file determines if the user is logged in, and if they are, I send a Content type of application/pdf and use readfile to send the file to the user.

Just make very sure to sanitize $filename if this is being sent by the client, or the client will be able to read almost any file from your system.

READ ALSO
Face detection with php [on hold]

Face detection with php [on hold]

I built some app that recognize face, crop it, and merge it with other image in specific place

230
Can I combine Java and php code in eclipse [on hold]

Can I combine Java and php code in eclipse [on hold]

I need to do a project using Java and phpI had researched in Google before asking to this question

176
PDO fetch vs rowcount

PDO fetch vs rowcount

I’m having a practice in creating a login script in PHP using PDO, but have run into a slight problemI’ve got it to check if data is in the fields, but unsure of how to check if the username and password combination is correct

264