Download Server =============== (c) 2012 Alex Bligh - Provided under the MIT Licence. See LICENCE file. This download server provides reliable logged downloads over http. It is intended to be used where: A. A website (such as a Wordpress website) wants to offer a downlaod facility and record the downloads made. Let's call this the 'source website'. B. The download should come from a different website (possibly because the source website is https and large downloads over http are resource consumptive). Let's call this the 'download web site'. C. It is imperative that the download must be tracked by authenticated username, and by time and success. The strategy used is as follows: 1. The source website contains a link to a download page, which appears to be on the source website, but in fact is redirect page. 2. The redirect page redirects to a dynamically constructed URL on on the download site. That URL is a URL for a CGI script with the following parameters: a) the file to be downloaded (or the name of a symlink to such a file). b) the id of the user against whom the download is to be logged. c) the UNIX time (since epoch) d) a hash of the above plus a shared secret 3. The download script checks the parameters, checks the time is within a few seconds, and checks the hash value. If these match, it serves the file, logging start, success and errors. The purpose of the time check is so that the URL can't realistically be distributed to others. The hash prevents tampering with the parameters. INSTALLATION ============ httpd.conf.example contains an example httpd.conf for the downloads server download.pl contains the script to go in the download directory on the download server, and should be marked executable. In this example that would be /var/www/server.example.com/download/download.pl ambdownload.php is a Wordpress plugin which will can be installed in the plugins directory in Wordpress, e.g. in wp-content/plugins/ambdownload/ambdownload.php This allows setting of a custom meta on a page to turn it into a download page. For instance, if you wished to make a page redirect to download 'myfile', set a custom meta key for that page named 'download_file' to the value 'myfile'. You will need to enable this module once you have installed it. You should set the following meta keys: download_file - the tag of the file (see above) download_url - the base URL of the perl script, e.g http://server.example.com/download/download.pl download_error - if set, redirects to this page if a user is not set Note, to avoid having to muck around with Wordpress, myfile could be a symlink, and the script will correctly name the downloaded file as per the target of the symlink. Running download.pl with two parameters, e.g. /var/www/server.example.com/download/download.pl 'myname@example.com' 'myfile' will print out the URL to use to download 'myfile', logged as 'myname@example.com' Your files to be downloaded should be put in /var/www/server.example.com/download/ These may be symlinks. The apache configuration will prevent them from being downloaded directly. Ensure both servers have a file /etc/apache2/download.secret with some random textual data in. 32 random ASCII characters should be fine. You can change this whenever you want, provided it's changed on both servers simultaneously. Logging will take place to /var/log/download.log Ensure this file is created by you, and owned by the user running cgi scripts. Usually this will do # >/var/log/download.log # chown www-data:www-data /var/log/download.log You will need to do your own log rotation. You can include information about each download by using a shortcode: [ambdownloadinfo url='URL' file='FILENAME' dp='DECIMALPLACES']FORMAT[/ambdownloadinfo] FORMAT is like printf, but $NAME represents the name of the file (per the target above) $SIZE represents its size $MD5SUM represents its md5sum (if expandedfile.md5sum exists) $FSIZE represents the size written in a friendly manner Example usage (to be entered in the HTML editor) The file is [ambdownloadinfo url='http://www.example.com/download' file='default']named $NAME has an md5sum of $MD5SUM and is roughly $FSIZE in size[/ambdownloadinfo]