![](/img/trans.png)
[英]PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users?
[英]How can I block direct URL access to all file in a folder, but still allow it to be downloaded by users?
我有一個名稱為上傳的文件夾,並且有文件我想阻止直接下載我閱讀了使用此鏈接PHP:如何阻止 URL 直接訪問文件,但仍允許登錄用戶下載它? 在stackoverflow中,但它不起作用,只需下載一個損壞的文件
這是我的代碼 .htaccess 文件
Order Deny,Allow
Deny from all
php 文件
<?php
if( !empty( $_REQUEST['name'] )&& !empty( $_REQUEST['user'] ) && !empty( $_REQUEST['pass'] ) )
{
include 'include/DbHandler.php';
$db = new DbHandler();
$user= $_REQUEST['user'];
$pass= $_REQUEST['pass'];
$file_name= $_REQUEST['name'];
// file name like this : hps.jpg
$nest = $db->checkuserpass($user,$pass,$file_name);
if ($nest!=2)
{
/// user have premision for download
function getExtension($file){
preg_match('/\.[^\.]+$/i', $file, $ext);
return $ext[0];
}
//File type
$file_type = getExtension($file_name);
header('Content-Description: File Transfer');
//header('Content-Type: application/octet-stream');
header('Content-Type: '.$file_type);
header('Content-Disposition: attachment; filename='.$file_name);
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: '.filesize("$file_name"));
ob_clean();
flush();
readfile("$file_name");
exit;
}
}
?>
除了拒絕 .htaccess 文件的訪問之外,您還可以將文件保存在服務器公共端之外的文件夾中,即 www 目錄之外。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.