PHP:强制下载头不会显示总体大小和速度 [英] PHP: Force download header wont show total size and speed
问题描述
每当我使用这个脚本下载文件时,下载时我看不到总大小和速度...我想让它看起来更像是直接下载链接。该脚本的目的是隐藏直接下载链接限制直接下载和其他下载行为,如机器人。想想mediafire,rapidshare,megaupload等。
我们现在的脚本工作,但不显示如何从正常的下载链接下载时显示,我将发布发生了什么的截图:
我希望这个截图有帮助,因为我在互联网上搜了几个小时,似乎找不到解决方案:(。
如果(isset($ _ GET ['file'])){
$ file = $ _GET ['file'];
$ path ='/ home / user / domains / domain.com / files / upload /';
$ filepath = $ path。$ file;
if(file_exists($ filepath)){
set_time_limit(0); //缓慢连接
头('Content-Description:File Transfer');
头(Content-Disposition:attachment; filename = \\$ file\);
header('Content-Type:application / octet-stream');
header('Conten t-Transfer-Encoding:binary');
header('Content-Length:'。文件大小($文件路径));
header('Cache-Control:must-revalidate,post-check = 0,pre-check = 0');
header('Pragma:public');
header('Expires:0');
readfile($ filepath); //发送文件到客户端
}
else {
头($ _ SERVER [SERVER_PROTOCOL]。404 Not Found,true,404);
}
} else {
header($ _ SERVER [SERVER_PROTOCOL]。404 Not Found,true,404);
}
服务器级别与mod_deflate或类似的东西?
这里已经回答:
使用PHP下载脚本发送正确的文件大小
如果您使用Zlib压缩文件,则内容长度标题中的mod_deflate等将不正确,因此您下载文件时最终会看到未知大小和未知时间剩余。
您可以使用适用的.htaccess文件中的以下行轻松禁用单脚本:
SetEnvIfNoCase Request_URI ^ /download.php no-gzip dont-vary
其中,download.php这里假定是位于服务器根目录路径中的下载脚本(例如www.crimsonbase.com/download.php)(这是因为正则表达式是^ / download.php。)
另外请注意,您的脚本不安全。有人可以为_GET ['file']
../../../ ..有效地发送以下get参数。 /../Documents/MyStuff
,它将完全覆盖$路径限制。
建议删除路径中的任何..引用。
Whenever I use this script to download a file, I can't see the total size and the speed while downloading... I want to to make it look more like the 'direct download link'. The purpose of this script is to hide the direct download link restrict direct downloading and other download behavior, like bots. Think of mediafire, rapidshare, megaupload etc.
The script we have now works but is not displayed as how it is displayed when you download from a normal download link, I will post a screenshot of what's happening:
I hope this screenshot helps, because I've searched the internet for hours and can't seem to find a solution to this :(.
if (isset($_GET['file'])){
$file = $_GET['file'];
$path = '/home/user/domains/domain.com/files/upload/';
$filepath = $path.$file;
if (file_exists($filepath)){
set_time_limit(0); // for slow connections
header('Content-Description: File Transfer');
header("Content-Disposition: attachment; filename=\"$file\"");
header('Content-Type: application/octet-stream');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($filepath));
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Expires: 0');
readfile($filepath); // send file to client
}
else{
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
}
}else{
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
}
Is the content being compressed at the server level with mod_deflate or something similar?
This has been answered here: Sending correct file size with PHP download script
"If you compress files with Zlib, mod_deflate and so on the Content-Length header won't be accurate so you'll end up seeing "Unknown size" and "Unknown time remaining" when downloading files."
"You can easily disable it for a single script using the following line in an applicable .htaccess file:
SetEnvIfNoCase Request_URI ^/download.php no-gzip dont-vary where download.php is here assumed to be in the download script located in the server's root directory path (e.g. www.crimsonbase.com/download.php). (That's because the regular expression is ^/download.php.)"
Also, please note that your script is insecure. Someone could effectively send the following get parameter for _GET['file']
../../../../../Documents/MyStuff
and it will override your $path restriction entirely.
Suggest stripping out any .. references in the path.
这篇关于PHP:强制下载头不会显示总体大小和速度的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
