在webroot之外上传文件 [英] Upload files outside of webroot
问题描述
整个购买代码和上传的东西工作正常。
$ b
问题:
- 如何允许用户在webroot之外上传,但不能从那里读取/下载?
- 或者我如何允许用户上传到一个目录,但没有人可以读取/下载它?
我正在运行Apache并使用这样的代码通过表单上传文件:
public function upload_file($ file ='',$ post_value ='',$ path){
if($ _FILES [ $ post_value]){
$ uploadext = strtolower(strrchr($ _ FILES [$ post_value] ['name'],。));
if($ uploadext =='。jpg'|| $ uploadext =='。gif'|| $ uploadext =='。png'|| $ uploadext =='。swf'|| $ uploadext == '.jpeg'|| $ uploadext =='。pdf'|| $ uploadext =='。doc'|| $ uploadext =='。xls'|| $ uploadext =='。docx'){
$ destination = $ path。$ file。$ uploadext;
move_uploaded_file($ _ FILES [$ post_value] ['tmp_name'],$ destination);
} else {
echo PICTURE_ERROR;
}
}
return $ file。$ uploadext;
$ / code>
要使用move_uploaded_file函数,只要确保Web服务器可以在目标目录中写入。
创建一个可以读取文件并将其传递给浏览器的脚本后,可以确保用户已经支付了该文件。
例子
<?php
//在这里插入你的逻辑来验证用户有权访问这个文件。
//以二进制模式打开文件
$ name ='yourfile';
$ fp = fopen($ name,'rb');
//发送正确的标题
header(Content-Type:image / png);
header(Content-Length:。filesize($ name));
//转储图片并停止脚本
fpassthru($ fp);
出口;
?>
您必须小心内容类型也请确保用户不能每个文件的服务器如果您使用$ _GET变量获取文件名。
I'm developing a shopping system where shopmanager should be able to upload files to the system. Those files can the be sold for a fee and should only be accesible through providing a purchase code.
The whole purchase code and uploading thing is working fine. Just have to block the direct access to the file.
Questions:
- How can I allow users to upload outside of webroot but not read/download from there?
- Or How do I allow users to upload to a directory but no one can read/download from it?
I'm running Apache and use code like this to upload files via a form:
public function upload_file($file='',$post_value='',$path) {
if ($_FILES[$post_value]) {
$uploadext = strtolower(strrchr($_FILES[$post_value]['name'],"."));
if($uploadext=='.jpg' || $uploadext=='.gif' || $uploadext=='.png' || $uploadext=='.swf' || $uploadext=='.jpeg' || $uploadext=='.pdf' || $uploadext=='.doc' || $uploadext=='.xls' || $uploadext=='.docx') {
$destination = $path.$file.$uploadext;
move_uploaded_file($_FILES[$post_value]['tmp_name'], $destination);
} else {
echo PICTURE_ERROR;
}
}
return $file.$uploadext;
}
you can upload where ever you want using the move_uploaded_file function, just make sure the webserver can write in the destination directory.
After you have to create a script that would read the file and pass it to the browser so you can make sure user have paid the file.
exemple
<?php
// insert your logic here to verify the user has access to this file.
// open the file in a binary mode
$name = 'yourfile';
$fp = fopen($name, 'rb');
// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));
// dump the picture and stop the script
fpassthru($fp);
exit;
?>
You have to be careful about the content-type also make sure the user cannot every file of your server if you use a $_GET variable for getting the filename.
这篇关于在webroot之外上传文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
