Lets say I have a plain text file example.txt
and I have a PHP script on my web-server readfile.php
.
What I want to be able to do is to prevent users from typing http://www.example.com/example.txt
and looking at the text file directly but I still want people to be able to load http://www.example.com/readfile.php
which reads from the file example.txt
and does something with it (possibly displays the contents of the file).
Also, if this can be done, what is the best way to do it?
Yes, this is easy to do.
There are two main ways to stop users from accessing example.txt
. The first is to put it in a folder outside your web folder (Usually called www
or public_html
), the second is to put a .htaccess
file in the folder with your example.txt script which blocks access to the file altogether. The .htaccess
would look like
<files "example.txt">
deny from all
</files>
But you could change example.txt
to something like *.txt
if you wanted to block all .txt
files in the folder.
Then you can use file_get_contents()
in your readfile.php
to get the contents of the text file, or if you just want to output the file you can use readfile
Just store the files you don't want publicly accessible outside the webroot .
/home
example.txt
/www
readfile.php
If /home/www/
is your public webroot folder, any file above it is not accessible through the web server. readfile.php
can still access the file perfectly fine at ../example.txt
though.
If you need to store the files in the webroot, then put the files in a folder and deny access to that folder. If you are using apache, make a .htaccess file in the folder and type in deny from all
I've done something similar where the files contain extremely sensitive information and I only want validated users to be able to retrieve the file through an HTTPS connection.
What I did was this:
I put the files in a directory path that is outside the scope of what the web server (Apache, for me) can see. Therefore, there are no possible URLs that will result in the file being served up directly by the web server. Then I created a script that allows users to login, click on the file they want, and then the PHP script reads the file, puts the appropriate headers, and then streams the file to the user's computer.
Of course, the script that shows the user the list of files and the script that streams the file out to the user must have at least read access to the files in the path where they are being stored.
Good luck!!
Quick hack - rename your file to ".cannotReadFileWithDOT". he server will close reading files with a dot at the beginning of the name, but your scripts will be able to read them. The plus is that the apache and nginx servers out of the box are configured to prohibit reading files with a dot at the beginning of the name.
您可以将文件“example.txt”放在公共文件夹之外并从 readfile.php 中读取,如$content = file_get_contents("../example.txt");
You can call a file like this and the people don't see the filename:
<?php
$file = 'example.txt';
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
?>
(source: php.net)
Would that work for you?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.