Upload download.php to your server. To configure Getfile to work for your site, you must first open the file and edit the settings on the first half of the page.
define('BASE_DIR','/www/user/downloads/'); tells the script where your downloads are located on the server. This location is different from the URL of the website. You can insert the absolute path of the folder (the location from the root directory) or the relative path of the download folder from the script.
For example: download.php is located in the /www/user folder, with the download folder being /www/user/downloads. For the BASE_DIR, you can set either "/www/user/downloads/" or "downloads/" (relative paths do not begin with a slash). Note: All paths must end with a trailing slash. ("/www/user/downloads/" instead of "/www/user/downloads")
You can also use the absolute path to link to a folder not accessible by the web. For example, if /www/user/ is the web-accessible folder on your server, you can make "/downloads/"the BASE_DIR, and because it is not in the "/www/" or "/www/user/" folders, no one will be able to directly link/view your files or download folder.
define('ENCRYPT_FILENAME',TRUE);enables the use of encrypted filenames in the query.define('HOTLINK_PROTECTION',TRUE); tells the script whether or not to enable the hotlink protection. You can set this to TRUE or FALSE to turn it on and off.define('HOTLINK_PAGE_URL','http://www.mysite.com'); sets the page that the script redirects to whenever hotlinking is detected. You can set it to a warning page letting the user know of the violation, or simply redirect the download to the proper page where they can get the information from your site.$allowed_domains="*.mysite.com, www.myaffiliate.net"; sets the domains that are allowed to link to your downloads when hotlink protection is on. The asterisk (*) is used as a wilcard. This makes completely allowing domains easier. Simply adding "www.somesite.com" won't allow "forum.somesite.com" to link to your downloads. To make sure "forum.somesite.com" and any other subdomains from the site will work, add an asterisk where "www" would go ("*.somesite.com") to completely allow www.somesite.com to link to your download.define('LOG_DOWNLOADS',TRUE); tells the script whether or not to log the downloads. You can set this to TRUE or FALSE to turn it on and off.define('LOG_FILE','downloads.txt'); tells the script the name of the file that will hold the logs. The name does not matter, and when the first log is made the file will automatically be created by the script.define('LOG_LIST_NUM',200); sets the maximum number of items shown in the log view. When the log exceeds this number, it displays the most recent ## of logs.define('USERNAME','admin'); is the username used to manage the download log through the script.define('PASSWORD','pass'); is the password used to manage the download log through the script.define('LOG_CSS','<CSS Code>'); is the embedded CSS stylesheet to format the log page. Be careful that the code you insert here doesn't break the script and cause it to work improperly.$allowed_ext = array (
// archives
'zip' => 'application/zip', and the following lines make up the list of extensions that are allowed through the script. You can add or delete extensions to make the script only usable for certain files.
To add an extension, you must add a line into this section in the following format: 'extension' => 'mime type',
If you are trying to add an extension and do not know the mime type, you can try and search for the mime type of your extension (try http://www.w3schools.com/media/media_mimeref.asp). If you cannot find the mime type for the extension you wish to add, simply leave it blank:
$allowed_ext = array (
// archives
'zip' => 'application/zip',
'doc' => 'application/msword', //found mime type for .doc extensions
'ogg' => '', // The mime type is unknown, so left blank
NOTE: Don't forget the comma at the end of your mime type.
Understanding Hotlinking and Bandwidth Theft
"Hotlinking" (also called "leeching" and "bandwidth theft") is a term referring to when a web page of one website owner is direct linking to the images or other multimedia files on the web host of another website owner, usually without permission. This not only causes the host of the hotlinked file to use his bandwidth for data tranfers occuring on another's site, but often in many cases it is intellectual property theft. With Hotlink Protection turned on, you can block out all unwanted domains. Only the people in your allowed-domains list will be able to have access to the files in your download folder.
Organizing Downloads on Your Site
For Getfile to serve the downloads on your site, they need to be uniquely named and located in the downloads folder that you set when you configured the script. Even though all of your download files need to be located in the downloads folder, they can still be organized within that folder. For Example, the downloads folder is set to "downloads/", but the folder is organized like so:
downloads/reports/2007/
downloads/reports/2006/
downloads/programs/games/
downloads/programs/office/
downloads/forms/
Even though your files are in subfolders, as long as they are in your download folder and are uniquely named they can be located by the script with no extra effort. So even though "project_report.doc" is in the "downloads/reports/2007/" folder, when you link to the download "download.php?progress_report.doc", the script will still find your document.
NOTE: In order for Getfile to serve your files properly, they all NEED to be uniquely named from all files in the downloads folder, including subfolders. If more than one file has the same name, Getfile will serve the first file that fits, which may not be the desired file. For example, if you have two files named "progress_report.doc" in "downloads/reports/2006/" and "downloads/reports/2007/", and "project_report.doc" is in the "downloads/reports/2007/" folder, when you link to the download "download.php?progress_report.doc" is meant to fetch the report in the 2007 folder, if the the 2006 folder is checked first, that is the file that'll reach the user when they download it. To avoid this and make the process simple, simply add dates into the names of the files (like "progress_report0206.doc"). You can even still have the user download the file as "progress_report.doc" regardless with Getfile's Download As New Name feature.
Download File
To use the script to put a download on your website, simply add a link onto your website:
<a href="http://www.yourdomain.com/download.php?example.zip">Download example.zip</a>
Using Encrypted Filenames
When ENCRYPT_FILENAME is enabled, you can use MD5 encrypted names in your URLs to retrieve files. This is useful when you want to disguise the original name of the file you're delivering. While in the admin panel, with ENCRYPT_FILENAME enabled, there is a built in tool to help you encrypt the desired filename. Rather than using:
<a href="http://www.yourdomain.com/download.php?example.zip">Download example.zip</a>
Your URL will be:
<a href="http://www.yourdomain.com/download.php?9ae68719184d087ebd6c4e6f6a8ae51a">Download example.zip</a>
Download File as New Name
You can use the script to force the user to download a file under a new name without renaming the original file. Create a link like the one above, add a slash ( "/" ), and then type the new name of the file:
<a href="http://www.yourdomain.com/download.php?example.zip/newname.zip">Download newname.zip</a>
<a href="http://www.yourdomain.com/download.php?9ae68719184d087ebd6c4e6f6a8ae51a/newname.zip">Download newname.zip</a>
When the user clicks on the link, s/he will download newname.zip, but the file will still be example.zip.
Checking the Log Through the Web
When you enable LOG_DOWNLOADS, all downloads processed by Getfile are logged into tab-delimited text file. You can view the log online through Getfile. Simply type this URL into your browser:
http://www.yourdomain.com/download.php?admin
For the greatest level of security, Getfile uses HTTP authentication to protect the panel. The username and password are the ones you configured into the script. In this view, the data is organized neatly into an HTML table. From this view, you can also export and clear the log with the Export Log and Clear Log buttons at the top of the page. NOTE: Clearing the log deletes the logged data off the server, not just the page. You cannot recover your log data after you've cleared it.
Viewing the Exported Log Data
Since the data is exported to a tab-delimited text file, the log can be viewed in an ASCII editor or word processor like Notepad, Wordpad, and Microsoft Word. The file is also supported by most spreadsheet programs like Excel. To import while using Excel, click File > Open..., change File Type to Text Files, and select your data log. A wizard will come up with alot of options, but Excel will intuitively know how to read the data. Simply press Finish on the wizard and your data will be put in it's correct cells for you to use with your documents, statistics, and presentations.
Customizing Download Log in Web View
You can customize the way your log data is presented while viewing it on the web by modifying the code in the LOG_CSS portion of the script. You can change the way the BODY, THEAD, TABLE, TR, and TD and selectors work. The CSS code included shows all of the tags used in the log view, and you can easily customize the look of the log to your liking. If you need help on figuring out what CSS is and how to use it, take a look at some CSS Tutorials at http://www.w3schools.com/css/css_intro.asp.
