在PHP限制文件下载 [英] restricting file download in PHP

问题描述

这样想我的服务器位于 http://www.example.com

so suppose my server is located in http://www.example.com

我然后把一个文件的file.exe在根服务器上的文件目录，因此通常可以通过输入这个在浏览器下载该文件。

I then put a file file.exe in the files directory in the root server hence normally you can download that file by typing this into the browser

http://www.example.com/files/file.exe

和假设我有一个PHP脚本，首先对用户进行认证，然后将它们重定向到的file.exe下载页面

And suppose that I have a php script that first authenticates the user and then redirect them to that file.exe download page

如。使用此方法：

   header('Location: http://www.example.com/files/file.exe');
   exit(0);

什么是最好的办法。

what is the best way to

1）从能够通过上述在输入网址访问该文件prevent未经授权的用户和

1.) prevent unauthenticated users from being able to access that file by typing in that URL above And

2）有php脚本仍然能够投放的文件，尽管1），因此身份验证的用户应该能够下载该位置的文件

2.) have the php script still able to serve that file despite 1.) hence authenticated users should be able to download that file on that location

假设我用的是标准的LAMP堆栈（也是我使用Zend框架）

supposing that I use the standard LAMP stack (also I use Zend Framework)

推荐答案

0：如同数据库密钥文件。例如。的file.exe = 2fae

0: Match your file with keys in database. EG. file.exe = 2fae

1：让用户去

http://www.example.com/download.php?key=2fae

2/3：检查用户下载该键/文件的权限

2/3: Check if user has the right to download that key/file.

3/2：查询数据库，配合实际的文件路径键

3/2: Lookup in database, match that key with actual file path

4：在的download.php，写

4: On download.php, write.

header('Content-disposition: attachment; filename='.$actual_file_path_and_name);
header('Content-type: application/exe'); // optional
readfile($filename);

它可以让用户下载的file.exe没有让他看到的file.exe实际的URL。它发生在的download.php。

It lets user download file.exe without letting him see the actual URL of file.exe. It happens on download.php.

参考： http://webdesign.about.com/od/php/ HT / force_download.htm

这篇关于在PHP限制文件下载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！