PHP脚本访问否则“全部拒绝”的目录(通过.htaccess)
[英]PHP script access a directory that is otherwise 'deny all' (Via .htaccess)
问题描述
I'm trying to get a php script to list the contents of a backup directory that is protected using a 'deny all' command in a .htaccess file. 
我正在尝试使用php脚本列出使用.htaccess文件中的'deny all'命令保护的备份目录的内容。
The reasoning behind this being a backup plugin for wordpress is only available to Administrators and I'd like to give a lower ranked user the ability to download their backups from online (via a simple dashboard widget). 这背后的原因是wordpress的备份插件仅供管理员使用,我希望让排名较低的用户能够从在线下载备份(通过简单的仪表板小部件)。
You can find the code I'm using below, and it trips up when encountering a 403 error because of the htaccess file. 您可以在下面找到我正在使用的代码,并且由于htaccess文件而遇到403错误时它会跳闸。
//define the directory (this is where the backup plugin store the .zip files)
$directory = site_url() . "/wp-content/backups/";
//display the generated directory for testing
echo '<b>Scanning: </b>' . $directory . '</br></br>';
//display a link to a test.zip I know exists for testing
echo '<b>Manual Link: </b> <a href="' . $directory . 'test.zip" target="_blank">test.zip</a></br></br>';
//get all files in the directory with a .zip extension.
$files = glob($directory . "*.zip");
//print each file name as a download link
foreach($files as $file){
echo '<a href="' . $file . '">' . $file . '</a> </br>';
}
Any help you could provide would be most helpful. 您可以提供的任何帮助都将是最有帮助的。
Thanks, Andy. 谢谢,安迪。
Update on code so that glob works properly 代码更新,以便glob正常工作
//Define the backup folder location
$backup_location = "wp-content/backups/";
//Set the file directory for glob
$directory = $_SERVER['DOCUMENT_ROOT'] . $backup_location;
//Prints the directory for testing purposes
echo '<b>Scanning: </b>' . $directory . '</br></br>';
//Filter the discovered files
$files = glob($directory . "*.*");
//Echo the filtered files
foreach($files as $file){
echo '<a href="' . site_url() . '/' . $backup_location . basename($file) . '">' . basename($file) . '</a> </br>';
}
2 个解决方案
解决方案1
1 已采纳 2011-12-04 11:53:51
You are currently just providing links to files the user doesn't have access to. 您目前只是提供用户无权访问的文件的链接。 This will not work without adding any rights. 如果不添加任何权限,这将无效。
What would work in this set-up is to actually serve the files to the user, using your current page. 在此设置中可以使用当前页面实际向用户提供文件。
What you basically do is make the php read the file (it has access to that file), send the user a header and then the content. 你基本上做的是让php读取文件(它可以访问该文件),向用户发送标题,然后发送内容。 Use code like the example from the php manual: 使用像PHP手册中的示例代码:
http://php.net/manual/en/function.readfile.php http://php.net/manual/en/function.readfile.php
<?php
$file = 'monkey.gif';
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
?>
解决方案2
1 2011-12-04 11:55:43
Your problem is this: 你的问题是这样的:
$directory = site_url() . "/wp-content/backups/";
You cannot do directory listings over HTTP. 您无法通过HTTP进行目录列表。 That does not work (regardless of access restrictions). 这不起作用(无论访问限制如何)。 You need to run glob() etc. on local directories. 您需要在本地目录上运行glob()等。
$directory = "./wp-content/backups/";
It says right so on the glob manual page: 它在glob手册页面上正确说:
Note: This function will not work on remote files as the file to be examined must be accessible via the server's filesystem.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.