如何阻止 URL 直接访问文件夹中的所有文件,但仍允许用户下载?
[英]How can I block direct URL access to all file in a folder, but still allow it to be downloaded by users?
问题描述
i have a folder with name uploads and have files i want to block direct download i readed an used this link PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users?
我有一个名称为上传的文件夹,并且有文件我想阻止直接下载我阅读了使用此链接PHP:如何阻止 URL 直接访问文件,但仍允许登录用户下载它? in stackoverflow but it just not work and just download a Broken file在stackoverflow中,但它不起作用,只需下载一个损坏的文件
this is my code .htaccess file这是我的代码 .htaccess 文件
Order Deny,Allow
Deny from all
php file php 文件
<?php
if( !empty( $_REQUEST['name'] )&& !empty( $_REQUEST['user'] ) && !empty( $_REQUEST['pass'] ) )
{
include 'include/DbHandler.php';
$db = new DbHandler();
$user= $_REQUEST['user'];
$pass= $_REQUEST['pass'];
$file_name= $_REQUEST['name'];
// file name like this : hps.jpg
$nest = $db->checkuserpass($user,$pass,$file_name);
if ($nest!=2)
{
/// user have premision for download
function getExtension($file){
preg_match('/\.[^\.]+$/i', $file, $ext);
return $ext[0];
}
//File type
$file_type = getExtension($file_name);
header('Content-Description: File Transfer');
//header('Content-Type: application/octet-stream');
header('Content-Type: '.$file_type);
header('Content-Disposition: attachment; filename='.$file_name);
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: '.filesize("$file_name"));
ob_clean();
flush();
readfile("$file_name");
exit;
}
}
?>
1 个解决方案
解决方案1
0 已采纳 2020-04-11 14:58:24
Instead of denying access by .htaccess file you could save your file at a folder outside public side of your server, that is, outside www directory.除了拒绝 .htaccess 文件的访问之外,您还可以将文件保存在服务器公共端之外的文件夹中,即 www 目录之外。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.