i want to protect direct download (copy/paste link)on my website. I am sending the download link in email, link is like it is currently accessible on direct link entry ,but i want it to work only when email link is clicked and I know this can be done by checking the session variables but problem is that i do not have any login modules.
You could create a special access token based on the client's IP if they have to download it within the same session.
e.g.
$downloadKey = md5($filename . '_' . $_SERVER['REMOTE_ADDR']);
$_SESSION[$downloadKey] = $downloadKey;
// Include download link with key=$downloadKey
Then the PHP code that handles the download of the ZIP can re-hash the client IP and filename requested to see if it matches the session value. If they match then the download can proceed.
$request = md5($requestedFilename . '_' . $_SERVER['REMOTE_ADDR']);
if (isset($_SESSION[$request]) && file_exists($requestedFilename)) {
{
// stream file
unset($_SESSION[$request]);
}
else {
// 401 unauthorized
}
This is assuming the zip file is not visible from the web already and that you are opening and streaming it from a PHP script.
You don't need any "login modules" if you have emails/filenames (how you got these emails is another question)
simple: create unique link to (for example) https://example.com/download.php?file=ENCRYPTED_EMAIL_FILE_NAME for each email address+file name, send link.
download.php script decrypts clicked $_GET['file'], and sends it to browser with correct header. If decryption fails, show 404, log hack attempt or something like this.
If you don't have emails, well, maybe you should learn something about CMS/frameworks/databases/etc.