防止下载URL共享 [英] Prevent download URLs from being shared
问题描述
当我向用户提供下载内容时,我不希望他们能够复制URL并与他人共享.更进一步:我只愿放弃一次下载.如果他们第二次访问该URL,我想抛出404.
When I offer a download to a user, I don't want them to be able to copy the URL and share it with others. To go even further: I would like to give out the download only once. If they access the URL a second time, I'd like to throw a 404.
如何防止用户第二次访问下载URL,并且此方法是充分的证据.
How can I prevent a user from accessing the download URL a second time and is this method full proof.
我目前按以下方式提供文件:
I currently serve my file as follows:
header("Content-type: application/pdf");
// Set the name of the downloaded file here:
header("Content-Disposition: attachment;filename='example.pdf'");
// Get the contents of the original file:
echo file_get_contents('example.pdf');
我还向我的mysql数据库添加了一个表
I've also added a table to my mysql database
+----+------+-------+------+
| downloads |
+----+------+-------+------+
| id | file | token | flag |
+----+------+-------+------+
推荐答案
您将需要使用重定向到文件的下载脚本.在重定向到文件之前,脚本将需要通过唯一令牌(存储在数据库中)来验证url.该脚本可以记录已进行的下载并在数据库中设置一个标志.检查该标志以防止将来下载.
You would need to use a download script which redirects to the file. The script would need to verify the url via a unique token (stored in a database) before redirecting to the file. The script could record a download has been made and set a flag in the database. Check the flag to prevent future downloads.
编辑:这是一个示例(带有伪代码):
EDIT: Here's an Example (with pseudocode):
if( isset($_GET["token"]) && !empty($_GET["token"]) )
{
//verify $_GET["token"] matches a token in the db
//verify that the download flag has not been set
header("Content-type: application/pdf");
// Set the name of the downloaded file here:
header("Content-Disposition: attachment;filename='example.pdf'");
//set the downloaded flag in the database so that this file can't be downloaded again
// Get the contents of the original file:
echo file_get_contents('example.pdf');
}
else
header("HTTP/1.0 404 Not Found");
这篇关于防止下载URL共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!