隐藏非成员的文件 [英] Hide files from non-members
问题描述
您好!
我正在尝试保护未登录
网站的用户的pdf文件。
我现在尝试的是在目录
中创建一个.htaccess文件,其中pdf'与'deny from all'这阻止了所有人从
下载它们。然后在成员区域当用户想要
下载pdf时,php脚本将pdf文件从secured-
文件夹复制到临时文件夹,将其重命名为用户可以下载的随机文件名
。然后,当用户准备下载
时,我想自动删除临时文件以禁止其他非b $ b成员找到它吗?我怎么能这样做?
也许有人有另一个完全不同的安全文件解决方案?
问候
/ Samuel
2月16日,11:33,n ... @ spray.se写道:
您好!
我正在尝试从未登录
网站的用户那里获取pdf文件。
我现在尝试的是在目录
中创建一个.htaccess文件,其中pdf'与'deny from all'这阻止了所有人从
下载它们。然后在成员区域当用户想要
下载pdf时,php脚本将pdf文件从secured-
文件夹复制到临时文件夹,将其重命名为用户可以下载的随机文件名
。然后,当用户准备下载
时,我想自动删除临时文件以禁止其他非b $ b成员找到它吗?我怎么能这样做?
也许有人有另一个完全不同的安全文件解决方案?
问候
/ Samuel
读取文件的内容并使用正确的
标题将其发送到终端。根本不需要写一个临时文件。
您将使用类似的代码,用您的
hidden替换数据库。文件。
而不是使用.htaccess拒绝访问,只需将文件
保存在一个不在http根结构中的目录中。
2月16日,11:52,瘫痪船长 < paul_laut ... @ yahoo.comwrote:
2月16日,11:33,n ... @ spray.se写道:
< blockquote class =post_quotes>
您好!
我正在尝试保护未登录
网站的用户的pdf文件。
我现在尝试的是在目录中创建一个.htaccess文件
,其中pdf'与'deny from all'这阻止了所有人从
下载它们。然后在成员区域当用户想要
下载pdf时,php脚本将pdf文件从secured-
文件夹复制到临时文件夹,将其重命名为用户可以下载的随机文件名
。然后,当用户准备下载
时,我想自动删除临时文件以禁止其他非b $ b成员找到它吗?我怎么能这样做?
也许有人有另一个完全不同的安全文件解决方案?
问候
/ Samuel
读取文件的内容并使用正确的
标题将其发送到终端。根本不需要写一个临时文件。
您将使用类似的代码,用您的
hidden替换数据库。文件。
而不是使用.htaccess拒绝访问,只需将文件
保存在一个不在http根结构中的目录中。
哎呀,错过了链接!
http://www.onlamp.com/pub/a/onlamp/2...09/webdb2.html
no***@spray.se :
您好!
我正在尝试保护未登录的用户的pdf文件
site。
我现在尝试的是在目录中创建一个.htaccess文件
其中pdf'与'拒绝所有' ;这阻止了所有人从
下载它们。然后在成员区域当用户想要
下载pdf时,php脚本将pdf文件从secured-
文件夹复制到临时文件夹,将其重命名为用户可以下载的随机文件名
。然后,当用户准备下载
时,我希望自动删除临时文件
但是你怎么知道用户何时用
随机文件名下载pdf?
禁止其他非
会员找到它?我怎么能这样做?
也许有人有另一个完全不同的安全文件解决方案?
问候
/ Samuel
将文件放在.htaccess中拒绝来自
all的目录中可能更容易(正如您已经做过的那样),以及用PHP读取文件。
然后让PHP将其内容发送到浏览器。
看看php.net上的文件功能。
这是函数file_get_contents():
http://nl2.php.net/manual/en/functio...t-contents.php
(我想知道了)为什么该函数没有命名为file_get_content()而不是
复数形式...)
如果你让PHP提供PDF,请确保PHP为
mimetype设置了正确的标题(不是text / html,而是application / pdf)
这样你就可以简单地重新设置如果用户
未登录,请执行下载文件。
问候,
Erwin Moller
Hello!
I''m trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf''s are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly to prohibit other non-
members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel
On 16 Feb, 11:33, n...@spray.se wrote:Hello!
I''m trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf''s are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly to prohibit other non-
members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/SamuelRead the file''s contents and send it to the terminal with the correct
headers. No need to write a temp file at all.
You will use similar code to this, replacing the database with your
"hidden" files.
Also rather than using .htaccess to deny access, just hold the files
in a directory that isn''t in the http root structure.
On 16 Feb, 11:52, "Captain Paralytic" <paul_laut...@yahoo.comwrote:On 16 Feb, 11:33, n...@spray.se wrote:
Hello!
I''m trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf''s are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly to prohibit other non-
members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel
Read the file''s contents and send it to the terminal with the correct
headers. No need to write a temp file at all.
You will use similar code to this, replacing the database with your
"hidden" files.
Also rather than using .htaccess to deny access, just hold the files
in a directory that isn''t in the http root structure.Oops, missed the link!
http://www.onlamp.com/pub/a/onlamp/2...09/webdb2.html
no***@spray.se wrote:
Hello!
I''m trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf''s are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticlyHi,
But how do you know when the user is finished downloading the pdf with the
random filename?
to prohibit other non-members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel
It might be easier to just place the files in a directory with ''deny from
all'' in the .htaccess (as you already did), and read the file with PHP.
Then let PHP deliver its content to the browser.
Have a look at the filefunctions at php.net.
Here is the function file_get_contents():
http://nl2.php.net/manual/en/functio...t-contents.php
(I have wondered why that function isn''t named file_get_content() instead of
the plural form...)
If you let PHP deliver the PDF, make sure PHP sets the right header for the
mimetype (not text/html, but application/pdf)
In that way you can simply refuse the execute the downloadscript if the user
is not logged in.
Regards,
Erwin Moller
这篇关于隐藏非成员的文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
