PHP：我怎样才能阻止URL直接访问文件，但仍然允许它被下载的登录用户？ [英] PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users?

问题描述

我有一个网站，用户应该能够登录并听一首歌（自创建MP3）。我想使它所以登录的用户可以收听/下载/不管，而由非用户谁拥有的路径访问应驻留在服务器上（而不是存储在MySQL数据库中），但不能够文件到URL

I have a website where users should be able to log in and listen to a song (a self-created mp3). I want to make it so the logged in user can listen/download/whatever, and the file should reside on the server (not be stored in the MySQL database), but not be able to be accessed by non-users who have the path to the URL.

例如：说我的MP3是位于mysite.com/members/song.mp3如果你登录了，你应该能够看到mysite.com/members/index.php页面，该页面将允许访问该Song.mp3的文件。如果您没有登录，mysite.com/members/index.php网页不会显示你的Song.mp3的文件，并直接链接到它不应该授予访问权限。

For example: say my mp3 is located at mysite.com/members/song.mp3 If you are logged in, you should be able to see the mysite.com/members/index.php page, which will allow access to the song.mp3 file. If you're not logged in, the mysite.com/members/index.php page will not show you the song.mp3 file, and linking directly to it should not grant access.

我是pretty的肯定，这是通过htaccess的做的，我做了很多的谷歌搜索已经和搜索就在这里。我发现这两个最接近的答案是这样的htaccess指南<一href="http://perishable$p$pss.com/$p$pss/2006/01/10/stupid-htaccess-tricks/">http://perishable$p$pss.com/$p$pss/2006/01/10/stupid-htaccess-tricks/这个计算器的问题<一href="http://stackoverflow.com/questions/2679524/block-direct-access-to-a-file-over-http-but-allow-php-script-access">Block直接访问文件通过HTTP，但允许PHP脚本访问但是没有回答我所有的问题，以满足​​我的标准。我在想什么？

I'm pretty sure this is done via htaccess, and I have done a lot of Googling already, and searched on here. The two closest answers I found were this htaccess guide http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ and this StackOverflow question Block direct access to a file over http but allow php script access but neither answer all my questions to meet my criteria. What am I missing?

推荐答案

进入文件夹中的成员的创建新的文件夹中的文件的，将这里的所有歌曲，创建新的的.htaccess 的文件，加上下面几行：

Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:

Order Deny,Allow
Deny from all

进入文件夹的成员的创建文件的 get_song.php 和添加以下code：

Into folder members create file get_song.php and add the following code:

if( !empty( $_GET['name'] ) )
{
  // check if user is logged    
  if( is_logged() )
  {
    $song_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
    $song_file = "{$_SERVER['DOCUMENT_ROOT']}/members/files/{$song_name}.mp3";
    if( file_exists( $song_file ) )
    {
      header( 'Cache-Control: public' );
      header( 'Content-Description: File Transfer' );
      header( "Content-Disposition: attachment; filename={$song_file}" );
      header( 'Content-Type: application/mp3' );
      header( 'Content-Transfer-Encoding: binary' );
      readfile( $song_file );
      exit;
    }
  }
}
die( "ERROR: invalid song or you don't have permissions to download it." );

而现在，你可以使用这个网址来获得歌曲文件：
http://mysite.com/members/get_song.php?name=my-song-name

And now, you can use this URL to get the song file:
http://mysite.com/members/get_song.php?name=my-song-name

这篇关于PHP：我怎样才能阻止URL直接访问文件，但仍然允许它被下载的登录用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！