<?php





/*
DHT - Document Hide and Track v0.2

(C) 2002 Giancarlo -rofus- Erra
hide@address.com
http://alfalinux.sourceforge.net

This software is under the GNU Public License (GPL)



-DESCRIPTION:
I started making this script for myself: I needed a way to show
the curriculum vitae on my website, keeping people from knowing
the exact location of the file, avoiding direct linking and
tracking all requests. I started out with a simple form, a simple
php include and a mysql logging/tracking. Then a friend of mine
asked me to make a similar script for his documents, but without
mysql logging (with csv export). So I decided to work a little
more on the original version to release it, now I think it's
pretty stable and secure.
With this script you can "hide" html/php/perl/cgi/txt etc.. files,
to avoid direct linking and to track each visitor (so it can be
useful also as a download manager). It can also work with
zip/tgz/doc/pdf etc.. files, but in this case you could
encounter problems in the client configuration about the content
types (read the code before using dht with binary type files).


-INSTALLATION:
Untar the archive in a directory, then open the dht.php file.
It's well commented: you have to change some parameters to fit
your website url, your email address and the name of the logfile.
When you find a NOTE please pay attention: it's something
related to the security of the script: you should change the
default name of the logfile and the default name
of the hidden page/s (that will probably be your document
name). You'll also be able to change email messages, log
format etc.. Remember that it's always important to change the default
parameters of the scripts: this prevents the rest of the world
from knowing important settings (such as your hidden document or your
DHT logfile!).
This script is really short, so read it carefully and enjoy!


-REQUIREMENTS:
I tested it on a Linux redhat with apache and php4 as module.
Your apache user needs WRITING rights at least on the logfile.


-DISCLAIMER:
Remember: use this software at your own risk, I'm not responsible
for any direct or indirect damage, loss of data etc..
This software is distributed AS IS, without any warranty.


-TODO:
.New binary files handling (content types, hiding source address. Any idea? :P)
.Html interface for configuration
*/










//
// checking if there are empty fields (if yes user will be redirected directly to the pass page)
//

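// DHT was written for register_globals (removed in PHP 5.4), so the request
// fields are read explicitly here. All of them are supplied by the client.
foreach (array("name", "email", "referer", "remotehost", "remoteaddr", "useragent") as $field) {
$$field = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : "";
}

if (!$name || !$email) {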
Header("Location: http://yoursite.com/dhtpass.php");
exit ;
}
else {

//
// simple check on the email input format (if wrong user will be redirected directly to the pass page)
//

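 function emailsyntax_is_valid($email) {
  // exactly one "@": with none or several, explode() returns missing or surplus parts
  if (substr_count($email, "@") != 1) {
    	return 0;
  }
  list($local, $domain) = explode("@", $email);
  // eregi() was removed in PHP 7; preg_match() with /i replaces it, and /D keeps
  // "$" from also matching just before a trailing newline
  $pattern_local = '/^([0-9a-z]*([-|_]?[0-9a-z]+)*)(([-|_]?)\.([-|_]?)[0-9a-z]*([-|_]?[0-9a-z]+)+)*([-|_]?)$/iD';
  $pattern_domain = '/^([0-9a-z]+([-]?[0-9a-z]+)*)(([-]?)\.([-]?)[0-9a-z]*([-]?[0-9a-z]+)+)*\.[a-z]{2,4}$/iD';
  $match_local = preg_match($pattern_local, $local);
  $match_domain = preg_match($pattern_domain, $domain);
  // preg_match() returns 1 on a match, 0 on no match and false on error: only 1 counts as valid
  	if ($match_local === 1 && $match_domain === 1) {
    	return 1;
  	} else {
    	return 0;
  	}
 }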
 if (!emailsyntax_is_valid($email)) {
	Header("Location: http://yoursite.com/dhtpass.php");
	exit ;
 }

//
// all is ok! creating the email message...
//
// You can change this text (in ascii format) to fit your needs, for example
// if you have several documents hidden by several dht scripts. In this case
// probably you need an email specifying a document name or version..
//

if ($referer=="") {
$referer="unknown, typed url or bookmark";
}
if ($remotehost=="") {
$remotehost="unknown hostname";
}
$today = date("F j, Y, g:i a");
$body="Name: $name \nEmail: $email \nTime: $today \nReferer: $referer \nRemotehost: $remoteaddr $remotehost \nUseragent: $useragent \n\n";

//
// this is the log message (exportable easily: CSV compatible!)
// You can import this log easily, in excel/access or in mysql for example:
// the log use "" to quote and ; to separate fields.
//

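$fields = array($name, $email, $today, $referer, "$remoteaddr $remotehost", $useragent);
foreach ($fields as $i => $f) {
// one request must stay one row: drop line breaks and double embedded quotes
$f = str_replace("\"", "\"\"", preg_replace('/[\r\n]+/', " ", $f));
// a leading = + - or @ is read as a formula by spreadsheet programs: prefix it with '
if (preg_match('/^[=+\-@]/', $f)) { $f = "'" . $f; }
$fields[$i] = "\"" . $f . "\"";
}
$add_row = implode(";", $fields) . "\n";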

//
// opening, writing and closing the log file..
//
// NOTE!! NOTE!! NOTE!!
// If you want a secure logfile please be sure to change the default name
// "dhtdb.txt" to something else, check that the directory in which it is
// has directory listing denied, check file rights .. and finally check
// if your apache user can write in it :)
// The best way is to create the file before the first execution, then
// set the right file permissions.
//
// Please don't ask me to port this to a database platform: I have my
// own version on db, but this is for all the users, and often they
// are not able to manage or configure the db or change the scripts
// to fit their db settings. PHP is now available in many free hosting
// services, but it's not so with database access, so everyone can
// probably use this script with less setup time...
// Well, if you want you can always change this section to write to
// your db :)
// REMEMBER that the log file is a CSV file, so you can easily
// import it wherever you want.
//

$filedb="./dhtdb.txt";
if (!$aprif = fopen($filedb,"a+")) {
echo "<html><body bgcolor=\"white\"><br><center>Ouch! Error processing your request (FOPEN error). Please contact the <a href=\"mailto:hide@address.com\">webmaster</a>.</center></body></html>";
exit ;
}
flock($aprif, LOCK_EX); // serialize concurrent appends; released by fclose()
fputs($aprif,$add_row);
fclose($aprif);

//
// we send an email to you, then we let the user view the hidden page..
//
// NOTE!! NOTE!! NOTE!!
// If you want a really secure page, please change the default name
// "1q2w3e4r.php" of the hidden page to something else...
//
// You can hide and track html and/or script (php,cgi etc..), everything
// that output something known by a browser (html, text etc..).
//
// You can also include several files together in a single output
// (ie: you can join many html files or php files)
//

mail("hide@address.com", "DHT tracking", $body);
include '1q2w3e4r.php';

//
// You can protect and track nearly EVERY TYPE of file,but there are some problems
// handling the content-types with different browsers (explorer,netscape,opera),
// so the only "secure" way is to comment out the
// include ;
// statement, and insert these two strings:
// Header("Location: http://yoursite.com/yourdocument");
// exit ;
// Please note that in this case the user could see the real filename and
// path in the status bar or in the download window (so it's not a real
// hidden system like with the html/text/php/cgi etc..  files, where the user is
// unable to know the original file, so cannot link it directly).
//
// If you want to try a more secure system you have to use the content-types.
// To try this simply put an instruction like this:
// header( "Content-Type: application/pdf" );
// before the
// include ;
// statement, and as include file put the name of the document (in this case
// what should be a pdf file).
// Other common content-types (respectively tar.gz files and .doc files):
// header( "Content-Type: application/x-compressed" );
// header( "Content-Type: application/msword" );
//

}
?>
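
Added example, not part of DHT: one way to hand out a binary document (pdf, doc, tgz) in place of the `include '1q2w3e4r.php';` line, after the logging and mail steps. `include` parses the file as PHP, so any PHP open tag inside a binary would be executed; `readfile()` only copies bytes. The directory, the document map, the `doc` form field and the function name `dht_send_document` are hypothetical.

```php
<?php
// Added example (not DHT code): stream a hidden binary document with readfile().
// Assumptions: $docDir is a hypothetical directory outside the web root, and the
// document map and the "doc" form field are hypothetical as well.

$docDir = '/var/www/private/dht';        // hypothetical, not reachable by any URL
$documents = array(                      // id => array(file name, content type)
    'cv'     => array('cv.pdf', 'application/pdf'),
    'report' => array('report.doc', 'application/msword'),
);

function dht_send_document($docDir, array $documents, $id)
{
    // Only ids from the fixed map are accepted: the client never supplies a path,
    // so "../" sequences or absolute paths in the request cannot reach the filesystem.
    if (!is_string($id) || !isset($documents[$id])) {
        http_response_code(404);
        return false;
    }
    list($file, $type) = $documents[$id];
    $path = $docDir . '/' . $file;
    if (!is_file($path) || !is_readable($path)) {
        http_response_code(404);
        return false;
    }

    // The download name is neutral, so the stored file name stays hidden.
    $ext = pathinfo($file, PATHINFO_EXTENSION);

    // Headers must be sent before the first byte of the body.
    header('Content-Type: ' . $type);
    header('Content-Disposition: attachment; filename="document.' . $ext . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');   // browser must not guess another type

    // readfile() writes the bytes unchanged to the output; nothing in the file is parsed.
    return readfile($path) !== false;
}

$requested = isset($_POST['doc']) ? $_POST['doc'] : 'cv';
dht_send_document($docDir, $documents, $requested);
```

Because the file is read from disk by the script, no redirect to the real location is needed, and the real path never appears in the status bar or download window.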
