Location: PHPKode > scripts > Document Hide and Track > document-hide-and-track/dht.php

DHT - Document Hide and Track v0.2

(C) 2002 Giancarlo -rofus- Erra

This software is under the GNU Public License (GPL)

I started making this script for myself: I needed a way to show
the curriculum vitae on my website, avoiding people to know
the exact location of the file, avoiding direct linking and
tracking all requests. I started out with a simple form, a simple
php include and a mysql logging/tracking. Then a friend of mine
asked me to make a similar script for his documents, but without
mysql logging (with csv export). So I decide to work a little
more on the original version to release it, now I think it's
pretty stable and secure.
With this script you can "hide" html/php/perl/cgi/txt etc.. files,
to avoid direct linking and to track each visitor (so it can be
useful also as a download manager). It can works also with
zip/tgz/doc/pdf etc.. files, but in this case you could
enconter problems in the client configuration about the content
types (read the code before use dht with binary type files).

Untar the archive in a directory, then open the dht.php file.
It's well commented: you have to change some parameters to fit
your website url, your email address and the name of the logfile.
When you find a NOTE please pay attention: it's something
related to security of the script: you should change the
name of the default name of the logfile and the default name
of the hidden page/s (that will be probably your document
name). You'll be able to change also email messages, log
format etc.. Remember that it's always important to change default
parameters of the scripts: this prevents the rest of the world
to know important settings (as your hidden document or your
DHT logfile!).
This script is really short, so read it carefully and enjoy!

I tested it on a Linux redhat with apache and php4 as module.
Your apache user needs WRITING rights at least on the logfile.

Remember: use this software at your own risk, I'm not responsible
for any direct or indirect damage, loss of data etc..
This software is distributed AS IS, without any warranty.

.New binary files handling (content types, hiding source address. Any idea? :P)
.Html interface for configuration

// checking if there are empty fields (if yes user will be redirected directly to the pass page)

if (!$name || !$email) {
Header("Location: http://yoursite.com/dhtpass.php");
exit ;
else {

// simple check on the email input format (if wrong user will be redirected directly to the pass page)

 function emailsyntax_is_valid($email) {
  list($local, $domain) = explode("@", $email);
  $pattern_local = '^([0-9a-z]*([-|_]?[0-9a-z]+)*)(([-|_]?)\.([-|_]?)[0-9a-z]*([-|_]?[0-9a-z]+)+)*([-|_]?)$';
  $pattern_domain = '^([0-9a-z]+([-]?[0-9a-z]+)*)(([-]?)\.([-]?)[0-9a-z]*([-]?[0-9a-z]+)+)*\.[a-z]{2,4}$';
  $match_local = eregi($pattern_local, $local);
  $match_domain = eregi($pattern_domain, $domain);
  	if ($match_local && $match_domain) {
    	return 1;
  	} else {
    	return 0;
 if (!emailsyntax_is_valid($email)) {
	Header("Location: http://yoursite.com/dhtpass.php");
	exit ;

// all is ok! creating the email message...
// You can change this text (in ascii format) to fit your needs, for example
// if you have several documents hidden by several dht scripts. In this case
// probably you need an email specifying a document name or version..

if ($referer=="") {
$referer="unknown, typed url or bookmark";
if ($remotehost=="") {
$remotehost="unknown hostname";
$today = date("F j, Y, g:i a");
$body="Name: $name \nEmail: $email \nTime: $today \nReferer: $referer \nRemotehost: $remoteaddr $remotehost \nUseragent: $useragent \n\n";

// this is the log message (exportable easily: CSV compatible!)
// You can import this log easily, in excel/access or in mysql for example:
// the log use "" to quote and ; to separate fields.

$add_row = "\"$name\";\"$email\";\"$today\";\"$referer\";\"$remoteaddr $remotehost\";\"$useragent\"\n";

// opening, writing and closing the log file..
// If you want a secure logfile please be sure to change the default name
// "dhtb.txt" to something else, check that the directory in which it is
// has directory listing denied, check file rights .. and finally check
// if your apache user can write in it :)
// The best way is to create the file before the first execution, then
// set the right file permissions.
// Please don't ask me to port this to a database platform: I have my
// own version on db, but this is for all the users, and often they
// are not able to manage or configure the db or change the scripts
// to fit their db settings. PHP is now available in many free hosting
// services, but it's not so with database access, so everyone can
// probably use this script with less setup time...
// Well, if you want you can always change this section to write to
// your db :)
// REMEMBER that the log file is a CSV file, so you can easily
// import it wherever you want.

if (!$aprif = fopen($filedb,"a+")) {
echo "<html><body bgcolor=\"white\"><br><center>Ouch! Error processing your request (FOPEN error). Please contact the <a href=\"mailto:hide@address.com\">webmaster</a>.</center></body></html>";
exit ;

// we send an email to you, then we let the user view the hidden page..
// If you want a really secure page, please change the default name
// "1q2w3e4r.php" of the hidden page to something else...
// You can hide and track html and/or script (php,cgi etc..), everything
// that output something known by a browser (html, text etc..).
// You can also include several files together in a single output
// (ie: you can join many html files or php files)

mail("hide@address.com", "DHT tracking", $body);
include '1q2w3e4r.php';

// You can protect and track nearly EVERY TYPE of file,but there are some problems
// handling the content-types with different browsers (explorer,netscape,opera),
// so the only "secure" way is to comment out the
// include ;
// statement, and insert these two strings:
// Header("Location: http://yoursite.com/yourdocument");
// exit ;
// Please note that in this case the user could see the real filename and
// path in the status bar or in the download window (so it's not a real
// hidden system like with the html/text/php/cgi etc..  files, where the user is
// unable to know the original file, so cannot link it directly).
// If you want to try a more secure system you have to use the content-types.
// To try this simply put an instruction like this:
// header( "Content-Type: application/pdf " );
// before the
// include ;
// statement, and as include file put the name of the document (in this case
// what should be a pdf file).
// Other common content-types (respectively tar.gz files and .doc files):
// header( "Content-Type: application/x-compresssed" );
// header( "Content-Type: application/msword" );


Return current item: Document Hide and Track