拒绝直接访问 php web 文件夹中的 PDF 文件
[英]Deny direct access to PDF files in php web folder
问题描述
There is a fully running PHP site that can only be accessed when logged in with ID/password.
有一个完全运行的 PHP 站点,只有在使用 ID/密码登录时才能访问。
I have been asked to add a function to the site that uploads PDF files and show existing PDF files in the browser.我被要求向网站添加一个功能,用于上传 PDF 文件并在浏览器中显示现有的 PDF 文件。
So I achieved this by using iframe to embed PDF files in the browser.所以我通过使用 iframe 在浏览器中嵌入 PDF 文件来实现这一点。
But the problem is, the PDF files shouldn't be directly accessible (shouldn't be opened when accessing www.aaa.com/pdf/test.pdf), and must only be shown in the site so that only authorized users can view the file.但问题是,PDF文件不应该直接访问(访问www.aaa.com/pdf/test.pdf时不应该打开),并且只能在站点中显示,以便只有授权用户才能查看文件。
So I tried a few things :所以我尝试了一些事情:
- .htaccess : I'm not too familiar with PHP/HTML so searched some answers on stackoverflow and tried them without success. .htaccess :我对 PHP/HTML 不太熟悉,所以在 stackoverflow 上搜索了一些答案,但没有成功。
such as比如
order deny,allow
deny from all
allow from 127.0.0.1
or或
Require local
and so on.等等。 It obviously blocked direct access, but also didn't allow the PDF to be shown from the site (www.aaa.com/showPDF.php).它显然阻止了直接访问,但也不允许从站点 (www.aaa.com/showPDF.php) 显示 PDF。 Come to think of it, the above methods seem to only allow the files to be read when opened from the physical server.想想看,上面的方法好像只允许从物理服务器打开文件才能读取。
- Moving the PDF folder outside of webroot : I succeeded moving the upload folder outside of webroot and also uploading to it, but then iframe doesn't work since PHP can't find the PDF file.将 PDF 文件夹移到 webroot 之外:我成功地将上传文件夹移到了 webroot 之外并上传到它,但是 iframe 不起作用,因为 PHP 找不到 PDF 文件。 A workaround was to use headers and PHP readfile(), but I can't seem to modify the headers from where I'm from since the headers are already sent beforehand in files that I cannot modify.一种解决方法是使用标头和 PHP readfile(),但我似乎无法从我所在的位置修改标头,因为标头已经预先发送到我无法修改的文件中。
I think I'm making this overly complicated, and I think an appropriate .htaccess file will simply do, but don't have much knowledge in this area.我想我把这弄得太复杂了,我认为一个合适的 .htaccess 文件就可以了,但在这方面没有太多知识。 Would really appreciate help here, thanks!非常感谢这里的帮助,谢谢!
1 个解决方案
解决方案1
0 2018-04-05 10:31:51
Seems it was simple enough.
Order Deny,Allow Deny from all Allow from www.aaa.comworked.
======================================= ========================================
Edit : above didn't work.编辑:上面没有用。
In fact, I didn't have permission to access outside my webroot.事实上,我没有权限在我的 webroot 之外访问。 So I stored the pdf files inside a folder within my webroot and denied access from all by using :因此,我将 pdf 文件存储在我的 webroot 中的一个文件夹中,并使用以下命令拒绝所有人访问:
Deny from all
in .htaccess.在.htaccess 中。
After that, since iframe was denied by .htaccess, I tried to print the contents of the PDF by using file_get_contents().之后,由于 iframe 被 .htaccess 拒绝,我尝试使用 file_get_contents() 打印 PDF 的内容。 But this required setting header information such as但这需要设置标题信息,例如
$contents = file_get_contents($filePath);
header('Content-Type: ' . mime_content_type($filePath));
header('Content-Length: ' . filesize($filePath));
echo $contents;
But the php page that shows the contents of the PDF file (showPDF.php) already sent out headers during initializing, and I didn't have rights to modify that part.但是显示PDF文件内容的php页面(showPDF.php)在初始化的时候已经发送了headers,我无权修改那部分。
So I made a fresh php file (pdfviewer.php), added session information, and added the above 4 lines.于是我新建了一个php文件(pdfviewer.php),添加了session信息,并添加了上面4行。 After that I iframed pdfviewer.php within showPDF.php and it finally worked.之后,我在 showPDF.php 中对 pdfviewer.php 进行了 iframe,它终于起作用了。
I think this problem was REALLY specific to my current situation but hope someone finds it useful.我认为这个问题确实针对我目前的情况,但希望有人觉得它有用。
Also, thanks @CBroe since I realized I was wrong and got some hints!另外,感谢@CBroe,因为我意识到我错了并得到了一些提示!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.