htaccess - 禁止直接访问除登录用户以外的所有文件 (PHP)
[英]htaccess - disallow direct access to all files except logged in users (PHP)
问题描述
Using.htacess (deny from all) - is it possible to only allow users who are logged in my system to directly access files? 
Using.htacess (deny from all) - 是否可以只允许登录我系统的用户直接访问文件? If it makes any difference my site is built with Drupal (PHP).如果它有任何区别,我的网站是用 Drupal (PHP) 构建的。 If this is possible then ideally I would ideally I would like to check the user's role as well.如果这是可能的,那么理想情况下,我也想检查用户的角色。
1 个解决方案
解决方案1
5 已采纳 2016-10-26 10:19:06
You cannot do this with .htaccess alone.您不能单独使用.htaccess来执行此操作。 What you need to do is:你需要做的是:
- Deny file access from all拒绝所有人的文件访问
- Have a "file provider" script which allows file passthrough after authentication.有一个“文件提供者”脚本,允许在身份验证后通过文件。
Example:例子:
proxy.php代理.php
<?php
$proxiedDirectory = "./files/"; //Whatever the directory you blocked access to is.
$filename = isset($_GET["fn"])?$_GET["fn"]:null;
if (!user_is_authenticated()) { //Not a real method, use your own check
http_response_code(403);
exit;
}
if ($filename === null || !file_exists($proxiedDirectory.$filename)) {
http_response_code(404);
exit;
}
$fp = fopen($proxiedDirectory.$filename, 'rb');
header("Content-Type: image/???"); //May need to determine mime type somehow
header("Content-Length: " . filesize($proxiedDirectory.$filename));
fpassthru($fp);
exit;
And you'd use this via:你可以通过以下方式使用它:
http://example.com/proxy.php?fn=filename.txt
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.