htaccess-禁止直接访问除登录用户(PHP)以外的所有文件 [英] htaccess - disallow direct access to all files except logged in users (PHP)
本文介绍了htaccess-禁止直接访问除登录用户(PHP)以外的所有文件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
使用.htacess(全部拒绝)-是否仅允许登录我系统的用户直接访问文件?如果有什么不同,我的网站是使用Drupal(PHP)构建的。如果可能的话,那么理想情况下,我也希望检查用户的角色。
Using .htacess (deny from all) - is it possible to only allow users who are logged in my system to directly access files? If it makes any difference my site is built with Drupal (PHP). If this is possible then ideally I would ideally I would like to check the user's role as well.
推荐答案
仅 .htaccess 。您需要做的是:
- 拒绝所有人访问文件
- 具有文件提供者
示例:
proxy.php
<?php
$proxiedDirectory = "./files/"; //Whatever the directory you blocked access to is.
$filename = isset($_GET["fn"])?$_GET["fn"]:null;
if ($filename === null || !file_exists($proxiedDirectory.$filename)) {
http_response_code(404);
exit;
}
if (!user_is_authenticated()) { //Not a real method, use your own check
http_response_code(403);
exit;
}
$fp = fopen($proxiedDirectory.$filename, 'rb');
header("Content-Type: image/???"); //May need to determine mime type somehow
header("Content-Length: " . filesize($proxiedDirectory.$filename));
fpassthru($fp);
exit;
您可以通过以下方式使用它:
And you'd use this via:
http://example.com/proxy.php?fn=filename.txt
这篇关于htaccess-禁止直接访问除登录用户(PHP)以外的所有文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
