如何给用户临时访问特定链接的权限?
[英]How to give users temporary access to specific links?
问题描述
I see people do it a lot, usually when embedding videos. 
我看到人们通常在嵌入视频时会做很多事情。
They have links with timestamps or something in GET values that allow the user temporary access to the file. 它们具有带有时间戳的链接或GET值中的某些内容,这些链接允许用户临时访问文件。
I currently just have my .htaccess file have Options -Indexes (Just so they can't access the directories at all. I know it doesn't help much though) 目前,我的.htaccess文件只有Options -Indexes (只是让他们根本无法访问目录。我知道这没有多大帮助)
Should I possibly make a PHP script to store in sql db special ids matched with IPs with timestamp that expire 30 minutes later? 我是否应该制作一个PHP脚本来存储与ip匹配且时间戳在30分钟后过期的特殊ID到sql db中? I don't know if that'd be the most efficient way of going about this. 我不知道这是否是解决此问题的最有效方法。
What would be the best way of going about doing this? 这样做的最好方法是什么?
1 个解决方案
解决方案1
2 已采纳 2015-02-21 12:35:22
You can use a timestamp + a protection hash, example: 您可以使用时间戳+保护哈希,例如:
When you create the link you do something like this: 创建链接时,您将执行以下操作:
define('SECRET',"onlyknownbyyourserversidescipt");
$now = time();
$protect = md5($now.SECRET);
$link = 'http://what.ever/?'.http_build_query(array('t'=>$now,'p'=>$protect));
When the link is opened you check if the time match the protected 链接打开后,您将检查时间是否与受保护的时间匹配
if(md5($_GET['t'].SECRET) === $_GET['p']){
//then you can check the time
if(time()-$_GET['t'] > 30*60){
header(..)
}else{
header(..)
}
}
Nobody can fake the timestamp because nobody knows your secret 没有人可以伪造时间戳,因为没人知道您的秘密
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.