在webroot之外上传文件 [英] Upload files outside of webroot

查看:141
本文介绍了在webroot之外上传文件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在开发一个购物系统,店主应该能够上传文件到系统。这些文件可以出售的费用,只应通过提供购买代码访问。



整个购买代码和上传的东西工作正常。
$ b

问题:




  • 如何允许用户在webroot之外上传,但不能从那里读取/下载?

  • 或者我如何允许用户上传到一个目录,但没有人可以读取/下载它?



我正在运行Apache并使用这样的代码通过表单上传文件:

  public function upload_file($ file ='',$ post_value ='',$ path){
if($ _FILES [ $ post_value]){
$ uploadext = strtolower(strrchr($ _ FILES [$ post_value] ['name'],。));
if($ uploadext =='。jpg'|| $ uploadext =='。gif'|| $ uploadext =='。png'|| $ uploadext =='。swf'|| $ uploadext == '.jpeg'|| $ uploadext =='。pdf'|| $ uploadext =='。doc'|| $ uploadext =='。xls'|| $ uploadext =='。docx'){
$ destination = $ path。$ file。$ uploadext;
move_uploaded_file($ _ FILES [$ post_value] ['tmp_name'],$ destination);
} else {
echo PICTURE_ERROR;
}
}
return $ file。$ uploadext;

$ / code>


解决方案

要使用move_uploaded_file函数,只要确保Web服务器可以在目标目录中写入。

创建一个可以读取文件并将其传递给浏览器的脚本后,可以确保用户已经支付了该文件。

例子

 <?php 
//在这里插入你的逻辑来验证用户有权访问这个文件。
//以二进制模式打开文件
$ name ='yourfile';

$ fp = fopen($ name,'rb');

//发送正确的标题
header(Content-Type:image / png);
header(Content-Length:。filesize($ name));

//转储图片并停止脚本
fpassthru($ fp);
出口;

?>

您必须小心内容类型也请确保用户不能每个文件的服务器如果您使用$ _GET变量获取文件名。

I'm developing a shopping system where shopmanager should be able to upload files to the system. Those files can the be sold for a fee and should only be accesible through providing a purchase code.

The whole purchase code and uploading thing is working fine. Just have to block the direct access to the file.

Questions:

  • How can I allow users to upload outside of webroot but not read/download from there?
  • Or How do I allow users to upload to a directory but no one can read/download from it?

I'm running Apache and use code like this to upload files via a form:

 public function upload_file($file='',$post_value='',$path) {
  if ($_FILES[$post_value]) {
      $uploadext = strtolower(strrchr($_FILES[$post_value]['name'],"."));
      if($uploadext=='.jpg' || $uploadext=='.gif' || $uploadext=='.png' || $uploadext=='.swf' || $uploadext=='.jpeg' || $uploadext=='.pdf' || $uploadext=='.doc' || $uploadext=='.xls' || $uploadext=='.docx') {
    $destination = $path.$file.$uploadext;
       move_uploaded_file($_FILES[$post_value]['tmp_name'], $destination);
   } else {
    echo PICTURE_ERROR;
   }
  }
  return $file.$uploadext;
 }

解决方案

you can upload where ever you want using the move_uploaded_file function, just make sure the webserver can write in the destination directory.

After you have to create a script that would read the file and pass it to the browser so you can make sure user have paid the file.

exemple

<?php
// insert your logic here to verify the user has access to this file.
// open the file in a binary mode
$name = 'yourfile';

$fp = fopen($name, 'rb');

// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));

// dump the picture and stop the script
fpassthru($fp);
exit;

?>

You have to be careful about the content-type also make sure the user cannot every file of your server if you use a $_GET variable for getting the filename.

这篇关于在webroot之外上传文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆