如何阻止直接下载文件 [英] How to block direct download file

问题描述

我的网站包含一些下载内容。我只想访问下载此文件的用户。

My website contains some download content. I want to access download this file only for logged in user.

如果用户在浏览器中输入直接文件url，则如果用户未登录则显示禁止页面。 CMS。
直接文件链接：localhost / files / questions / 20160917070900-w2CdE9LZpE.zip

If user type direct file url in browser it show forbidden page if user not logged in. Am not using any CMS. Direct File Link: localhost/files/questions/20160917070900-w2CdE9LZpE.zip

我在网上搜索，但找不到任何好的答案。请建议我该怎么做。

I searched on net but failed to find any good answer. Please suggest me how can I do it.

推荐答案

放入文件夹成员中创建新的文件夹文件，将所有歌曲移至此处，新建.htaccess文件并添加以下行：

Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:

Order Deny,Allow
Deny from all

进入文件夹成员创建文件get_file.php并添加以下代码：

Into folder members create file get_file.php and add the following code:

if( !empty( $_GET['name'] ) )
{
  // check if user is logged    
  if( is_logged() )
  {
    $file_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
  $question_file = "{$_SERVER['DOCUMENT_ROOT']}/files/questions/{$file_name}.zip";
  if( file_exists( $question_file ) )
  {
    header( 'Cache-Control: public' );
    header( 'Content-Description: File Transfer' );
    header( "Content-Disposition: attachment; filename={$question_file}" );
    header( 'Content-Type: application/zip' );
    header( 'Content-Transfer-Encoding: binary' );
    readfile( $question_file );
    exit;
   }
  }
}
die( "ERROR: invalid song or you don't have permissions to download it." );

获取文件的URL：localhost / get_file.php？name = file_name

URL to get the file: localhost/get_file.php?name=file_name

这篇关于如何阻止直接下载文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！