ASP - page security
milenyume
10-24-2005, 03:37 AM
Hi, I'm having a problem. On my website, I have files for download. For example, the download link is: www.mysite.com/test/download.zip
When a user types this link in the address bar, I want some security so that the link won't be accessible at any time. The user should supply a download key before they can start downloading the file. Please help :(
vinyl-junkie
10-24-2005, 04:41 AM
You could put your download file in a password protected directory.
SpirtOfGrandeur
10-24-2005, 11:41 AM
Or create an ISAPI dll to check what is going on.
Roelf
10-24-2005, 12:07 PM
Keep your downloadable files in a folder outside your website root. Then make a download page where the user credentials are checked; if they are OK, read the file from the outside directory using the FileSystemObject and send the bytes from the file to the requester.
milenyume
10-25-2005, 06:24 AM
Hi, thanks for your replies. If I create a folder outside the website's wwwroot folder, what will the path be?
For example, these are the folders:
db
log
temp
wwwroot
I will put the download files in my temp folder. What will the path be?
vinyl-junkie
10-25-2005, 12:03 PM
You'll need to check with your ISP to see what the full path to your wwwroot is to figure that out, but let me give you an example. My full path is:
/home/username/public_html/
I have a secure directory on the same directory level (call it securelib) as my wwwroot. I reference it like this:
/home/username/securelib/
You will have something similar to this. Again, check with your ISP to find out for sure.
milenyume
10-26-2005, 03:54 AM
The support at my ISP sent me this reply:
> hi,
> i don't think the temp folder is accessible from the web, only files inside the wwwroot folder.
:(
How about putting up a file dialog box when the download link is clicked?
Is it secure enough?
vinyl-junkie
10-26-2005, 04:23 AM
In my opinion, your best bet if you can't make a folder on the same directory level as wwwroot is to password protect a directory and put your download files in that directory.
milenyume
10-26-2005, 04:32 AM
Hmm.. are you familiar with file dialog content disposition?
I tried creating a folder <testing> on the same level as wwwroot.
When I run this code and download the file, I can only download the page, not the file itself. I don't know what's wrong with it. :(
<%
Response.ContentType = "application/x-unknown" ' arbitrary
fn = "test.txt"
FPath = "\home\testing\test.txt" & fn
Response.AddHeader "Content-Disposition","attachment; filename=" & fn
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Response.BinaryWrite adoStream.Read()
adoStream.Close
Set adoStream = Nothing
Response.End
%>
Roelf
10-26-2005, 06:50 AM
> Hmm.. are you familiar with file dialog content disposition?
> I tried creating a folder <testing> on the same level as wwwroot.
> When I run this code and download the file, I can only download the page, not the file itself. I don't know what's wrong with it. :(
> <%
> Response.ContentType = "application/x-unknown" ' arbitrary
> fn = "test.txt"
> FPath = "\home\testing\test.txt" & fn
> Response.AddHeader "Content-Disposition","attachment; filename=" & fn
> Set adoStream = CreateObject("ADODB.Stream")
> adoStream.Open()
> adoStream.Type = 1
> adoStream.LoadFromFile(FPath)
> Response.BinaryWrite adoStream.Read()
> adoStream.Close
> Set adoStream = Nothing
> Response.End
> %>
It can't find the file: first you define fn as "test.txt", then you define FPath as "\home\testing\test.txt" & fn, so FPath contains "\home\testing\test.txttest.txt", which is not quite correct. Try to Response.Write the filename you are trying to open and see if it is the right one.
milenyume
10-26-2005, 07:04 AM
Hello, I modified the code into this. It works fine with small files,
but when I tried a bigger file of about 20MB, there's
a WinZip error: Cannot open file: it does not appear to be a valid archive.
If you downloaded this file, try downloading the file again.
<%
Response.ContentType = "application/zip" ' arbitrary
fn = "testing.zip"
FPath = server.mappath("./testing/") & "\" & fn
Response.AddHeader "Content-Disposition","attachment; filename=" & fn
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Response.BinaryWrite adoStream.Read()
adoStream.Close
Set adoStream = Nothing
Response.End
%>
Roelf
10-26-2005, 07:20 AM
Try to use some buffering instead of redirecting the read stream directly to the client, like:
<%
Response.ContentType = "application/zip" ' arbitrary
fn = "testing.zip"
FPath = server.mappath("./testing/") & "\" & fn
Response.AddHeader "Content-Disposition","attachment; filename=" & fn
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Dim streamcontent = adoStream.Read()
adoStream.Close
Set adoStream = Nothing
Response.Buffer = True
Response.AddHeader "content-length", Len(streamcontent)
Response.BinaryWrite streamcontent
Response.Flush
Response.End
%>
milenyume
10-26-2005, 07:27 AM
Hi, why do I get this error using the code?
Line 12 is this code: Dim streamcontent = adoStream.Read()
Microsoft VBScript compilation error '800a0401'
Expected end of statement
/download.asp, line 12
Dim streamcontent = adoStream.Read()
------------------^
Roelf
10-26-2005, 07:32 AM
You cannot declare and set a variable in one statement, my mistake.
Use:
Dim streamcontent
streamcontent = .....
milenyume
10-26-2005, 07:38 AM
Hi, I still get this error:
Cannot open file: it does not appear to be a valid archive.
If you downloaded this file, try downloading the file again.
And I tried using IE; the file dialog doesn't appear.
It makes me sick. I have spent a day and a half and am still unable
to solve this problem. :(
Roelf
10-26-2005, 07:57 AM
Remove the line with the Len in it (in red) and try another content type:
<%
Response.ContentType = "application/octet-stream" ' arbitrary
fn = "testing.zip"
FPath = server.mappath("./testing/") & "\" & fn
Response.AddHeader "Content-Disposition","attachment; filename=" & fn
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Dim streamcontent
streamcontent = adoStream.Read()
adoStream.Close
Set adoStream = Nothing
Response.Buffer = True
Response.AddHeader "content-length", Len(streamcontent) ' <-- the line to remove (shown in red in the original post)
Response.BinaryWrite streamcontent
Response.Flush
Response.End
%>
Does the downloaded file have the same size as the original??
Roelf
10-26-2005, 10:27 AM
Done some testing now, the following code gives me the file which is the same size and also can be opened by winzip. Testfile was about 50 Mb.
<%@ LANGUAGE="VBSCRIPT" %>
<% Response.buffer = true %>
<%
' check if the user has the right permissions to download the file
' permission granted
fn = "testing.zip"
FPath = server.mappath("../Files/") & "\" & fn
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Open()
adoStream.Type = 1
adoStream.LoadFromFile(FPath)
Dim streamcontent
streamcontent = adoStream.Read()
adoStream.Close
Set adoStream = Nothing
Response.Buffer = True
Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition","attachment; filename=" & fn
Response.AddHeader "content-length", Len(streamcontent)
Response.BinaryWrite streamcontent
Response.Flush
Response.End
%>
milenyume
10-26-2005, 10:42 AM
Hi, I tried the code in your last post. It downloads the file,
but the original size of the file is about 1.7mb and the downloaded file is only 890kb. So I still can't open the file. But the good thing is, it downloads the file. Hmm.. what could be the cause? Are you certain that you get the same file size?
Roelf
10-26-2005, 11:02 AM
> Hi, I tried the code in your last post. It downloads the file,
> but the original size of the file is about 1.7mb and the downloaded file is only 890kb. So I still can't open the file. But the good thing is, it downloads the file. Hmm.. what could be the cause? Are you certain that you get the same file size?
Yeps, same filesize, up to the byte. But if you remove this line:
Response.AddHeader "content-length", Len(streamcontent)
does that affect the downloaded filesize?
milenyume
10-26-2005, 11:09 AM
Hey, you're right. When I removed that line it worked fine.
What I did earlier was just copy and paste the code without modifying it.
It works fine now. Thank you very much for your help and time.
I really appreciate it. :thumbsup:
Roelf
10-26-2005, 11:14 AM
> Hey, you're right. When I removed that line it worked fine.
> What I did earlier was just copy and paste the code without modifying it.
> It works fine now. Thank you very much for your help and time.
> I really appreciate it. :thumbsup:
Strange that it worked for me though
milenyume
10-26-2005, 11:19 AM
No, because in the last post, which solved the problem, the line
Response.AddHeader "content-length", Len(streamcontent)
is still included. You mean to say even if this line of code is included, it still works fine with yours?
Follow up: how do I give credits to you? Thank you very much. I'm going home now. :thumbsup:
Roelf
10-26-2005, 11:25 AM
> You mean to say even if this line of code is included, it still works fine with yours?
Yeps
> Follow up: how do I give credits to you?
You just did
> Thank you very much. I'm going home now. :thumbsup:
You're welcome, drive safe :)
milenyume
10-27-2005, 04:34 AM
Hello, I'm back. I've got a problem with browser compatibility with the code.
It's only working in Mozilla Firefox. Have you tried running it using Internet Explorer 6.0? It's not working with this browser. :confused:
glenngv
10-27-2005, 06:43 AM
Alternative solution (http://marcustucker.com/blogold/#1081202785001)
milenyume
10-27-2005, 07:52 AM
Hello, thanks for the link. I'm trying the code from the link you gave me. I pasted it in a page and tried running it, but nothing displays. What am I doing wrong here?
<%
'Load a file from disk
Function LoadStream(FilePath)
Dim objStream
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = 1 'adTypeBinary=1
objStream.Open
objStream.LoadFromFile FilePath
LoadStream = objStream.Read
objStream.Close
Set objStream = Nothing
End Function
'returns the MIME header type for a given extension
Function GetMIMEType(Extension)
dim Ext
Ext = UCase(Extension)
select case Ext
'Common documents
case "TXT", "TEXT", "JS", "VBS", "ASP", "CGI", "PL", "NFO", "ME", "DTD"
sMIME = "text/plain"
case "HTM", "HTML", "HTA", "HTX", "MHT"
sMIME = "text/html"
case "CSV"
sMIME = "text/comma-separated-values"
case "JS"
sMIME = "text/javascript"
case "CSS"
sMIME = "text/css"
case "PDF"
sMIME = "application/pdf"
case "RTF"
sMIME = "application/rtf"
case "XML", "XSL", "XSLT"
sMIME = "text/xml"
case "WPD"
sMIME = "application/wordperfect"
case "WRI"
sMIME = "application/mswrite"
case "XLS", "XLS3", "XLS4", "XLS5", "XLW"
sMIME = "application/msexcel"
case "DOC"
sMIME = "application/msword"
case "PPT","PPS"
sMIME = "application/mspowerpoint"
'WAP/WML files
case "WML"
sMIME = "text/vnd.wap.wml"
case "WMLS"
sMIME = "text/vnd.wap.wmlscript"
case "WBMP"
sMIME = "image/vnd.wap.wbmp"
case "WMLC"
sMIME = "application/vnd.wap.wmlc"
case "WMLSC"
sMIME = "application/vnd.wap.wmlscriptc"
'Images
case "GIF"
sMIME = "image/gif"
case "JPG", "JPE", "JPEG"
sMIME = "image/jpeg"
case "PNG"
sMIME = "image/png"
case "BMP"
sMIME = "image/bmp"
case "TIF","TIFF"
sMIME = "image/tiff"
case "AI","EPS","PS"
sMIME = "application/postscript"
'Sound files
case "AU","SND"
sMIME = "audio/basic"
case "WAV"
sMIME = "audio/wav"
case "RA","RM","RAM"
sMIME = "audio/x-pn-realaudio"
case "MID","MIDI"
sMIME = "audio/x-midi"
case "MP3"
sMIME = "audio/mp3"
case "M3U"
sMIME = "audio/m3u"
'Video/Multimedia files
case "ASF"
sMIME = "video/x-ms-asf"
case "AVI"
sMIME = "video/avi"
case "MPG","MPEG"
sMIME = "video/mpeg"
case "QT","MOV","QTVR"
sMIME = "video/quicktime"
case "SWA"
sMIME = "application/x-director"
case "SWF"
sMIME = "application/x-shockwave-flash"
'Compressed/archives
case "ZIP"
sMIME = "application/x-zip-compressed"
case "GZ"
sMIME = "application/x-gzip"
case "RAR"
sMIME = "application/x-rar-compressed"
'Miscellaneous
case "COM","EXE","DLL","OCX"
sMIME = "application/octet-stream"
'Unknown (send as binary stream)
case else
sMIME = "application/octet-stream"
end select
GetMimeType = sMIME
End Function
'Sends the specified file to the browser
sub SendStreamToBrowser(FileStream, FileName, ContentType, IsInline)
Dim FileExt, FileSize
'Disable error checking
on error resume next
'Clear buffer
Response.Clear
FileExt = mid(FileName, instrrev(FileName,".") + 1)
FileSize = Ubound(FileStream) + 1
'Add filename to header
Response.AddHeader "Connection", "keep-alive"
Response.AddHeader "Content-Length", FileSize
'Check if data should be delivered inline or not
If IsInline = True then
'Allow the browser to render the file inside a browser window (if it can)
Response.AddHeader "Content-Disposition","inline; filename=" & FileName
Else
'Force browser to save file
Response.AddHeader "Content-Disposition","attachment; filename=""" & FileName & """"
End If
'Get ContentType for download
select case ContentType
case false
'Generic binary ContentType and Charset
Response.ContentType = "application/octet-stream"
Response.Charset = "UTF-8"
case ""
'Find out what it should be
Response.ContentType = GetMIMEType(FileExt)
case else
'Use the ContentType that was passed
Response.ContentType = ContentType
end select
'Send data to client
Response.BinaryWrite(FileStream)
Response.Flush
End Sub
%>
Roelf
10-27-2005, 08:49 AM
> Hello, I'm back. I've got a problem with browser compatibility with the code.
> It's only working in Mozilla Firefox. Have you tried running it using Internet Explorer 6.0? It's not working with this browser. :confused:
Worked perfectly in IE6 for me
milenyume
10-27-2005, 09:19 AM
Hello, yeah, it works in IE.
I have observed that when I download a large file of about 20MB, the code doesn't work anymore. But it works with small files. I tried downloading a file of 1.73MB and it works.
glenngv
10-27-2005, 11:22 AM
> Hello, thanks for the link. I'm trying the code from the link you gave me. I pasted it in a page and tried running it, but nothing displays. What am I doing wrong here?
Those are just subroutines, you have to call them of course.
<%
Response.buffer = true
' check if the user has the right permissions to download the file
' permission granted
dim fn, FPath, stream
fn = "testing.zip"
FPath = server.mappath("../Files/") & "\" & fn
stream = LoadStream(FPath)
Call SendStreamToBrowser(stream, fn, "zip", false)
%>
milenyume
10-28-2005, 05:26 AM
Hi, it works now, but the code is not capable of downloading a 12MB file. Is there a workaround here?
glenngv
10-28-2005, 01:37 PM
Which code are you using? Probably there is not enough space in the cache.
Roelf
10-29-2005, 06:44 PM
> Hi, it works now, but the code is not capable of downloading a 12MB file. Is there a workaround here?
As I said before, I used a test file of 50 MB and it worked perfectly. So the code is not the cause of this problem.
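The approach the thread arrives at (files kept in a folder beside wwwroot, a check before anything is sent, and the trouble with larger files), written out as an added example; it is not code from any poster or from the linked blog. The key table, the posted "key" form field, the Deny helper and the chunk size are assumptions made for illustration.

```vbscript
<%@ LANGUAGE="VBSCRIPT" %>
<%
Option Explicit
' Added example. The key table, the "key" form field and the chunk size
' are assumptions for illustration; they do not come from the thread.
Const FILES_DIR  = "../Files/"   ' folder beside wwwroot, not served by IIS
Const CHUNK_SIZE = 262144        ' bytes sent per BinaryWrite (256 KB)

Sub Deny(status, msg)            ' hypothetical helper: refuse and stop
    Response.Status = status
    Response.Write msg
    Response.End
End Sub

Dim keys, key, fn, fPath, fso, stm
' Download key -> file name. The visitor never supplies a path or a file
' name, so "..\" sequences in the request cannot reach other files.
Set keys = Server.CreateObject("Scripting.Dictionary")
keys.Add "EXAMPLE-KEY-0001", "testing.zip"   ' constructed sample entry

' Read the key from a posted form so it stays out of URLs and access logs.
key = Trim(Request.Form("key"))
If Not keys.Exists(key) Then Deny "403 Forbidden", "Invalid download key."

fn = keys(key)
fPath = Server.MapPath(FILES_DIR) & "\" & fn
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(fPath) Then Deny "404 Not Found", "File not found."

Set stm = Server.CreateObject("ADODB.Stream")
stm.Type = 1                     ' adTypeBinary
stm.Open
stm.LoadFromFile fPath

Response.Buffer = True
Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & fn & """"
' stm.Size is the exact length of the file in bytes.
Response.AddHeader "Content-Length", CStr(stm.Size)
' Send the file in pieces and flush each one, so the whole file never has
' to fit in the ASP response buffer; stop if the visitor disconnects.
Do While Not stm.EOS And Response.IsClientConnected
    Response.BinaryWrite stm.Read(CHUNK_SIZE)
    Response.Flush
Loop
stm.Close
%>
```

Server.MapPath with "../" is used here because the thread's code uses it; it only resolves when parent paths are enabled for the site.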