I am creating a site which allows users to view a file via JavaScript plugin.
To do this, and maintain the security of the file, I will be creating a one time unique copy of the original file, each time the JavaScript plugin is accessed.
The original file is at the maximum 30mb, how will this scale for multiple users of the system? Say if 100 people were to create and access the copy of the file.
You can do this by creating a htaccess rewrite to refer the user to a PHP script:
RewriteEngine On
RewriteRule ^download/([^/]+) /lib/download.php?file=$1 [QSA]
This will forward any request to yourdomain.com/download/anyfilehere.mp3?one_time_token=ABCDEFG to lib/download.php and set the $_GET['file'] to be anyfilehere.mp3. The one_time_token $_GET parameter will be forwarded, as we used [QSA].
The download.php could simply look something like this:
<?php
if (!empty($_GET['file'])) {
if (!empty($_GET['one_time_token'])) {
if (TokenOK($_GET['one_time_token'])) { //Create a function called TokenOK where you look up the download token in eg. a database
$fileName = '/var/www/downloadfolder/' . $_GET['file'];
if (file_exists($fileName)) {
ExpireToken($_GET['one_time_token']); //Create a function called ExpireToken where you expire the token in eg. the database
readfile($fileName); //Read the file to the user
die();
} else {
die('Error: file not found');
}
} else {
die('Error: token is not OK');
}
} else {
die('Error: token is not specified');
}
} else {
die('Error: file is not specified');
}
?>
Things to consider:
readfile