如何动态密码保护文件(图像、视频、zip)不受公开并只允许成员访问? [英] How to password protect files (images, video, zip) dynamically from public and allow access to members only?
问题描述
这是一个常见问题,解决了很多次,但由于某种原因我找不到正确的信息.
It's a common problem, solved many times, but for some reason i cannot find the right information.
一些限制和要求:
- LAMP 堆栈技术.
- 精细控制哪些文件可访问.
- 没有使用 htpasswd 文件的基本身份验证,我想提供自定义登录前端.
- 应该能够安全地保护和提供大型视频文件
所有这些网站如何在不使用基本身份验证的情况下保护其文件不被公开?
How do all those sites protect their files from public without using basic authentication?
谢谢!
一个类似的问题:面向性能的文件保护方式在 PHP 级别?
推荐答案
您通常会将任何对媒体文件的请求重定向到 PHP 脚本.PHP 脚本执行登录身份验证,并在成功时从受保护的位置加载请求的媒体文件,并将其传递给浏览器,例如使用 fpassthru()
或 fread()代码>.
You would usually redirect any requests for the media files to a PHP script. The PHP script does the login authentication, and on success, loads the requested media file from a protected location, and passes it through to the browser, for example using fpassthru()
or fread()
.
您可以使用一组mod_rewrite
指令来设置一个非常优雅的解决方案,例如重写
You can set up a very elegant solution using a set of mod_rewrite
instructions, for example rewriting
www.example.com/media/music.mp3
内部
www.example.com/media/index.php?file=music.mp3
该方法并不便宜,因为每次下载都必须启动 PHP 解释器,并传递文件的每个字节.为了讨论可能的替代方案,我在几个月前问了一个问题:以性能为导向的方式来保护 PHP 级别的文件?
the method is not cheap, as the PHP interpreter has to be started for every download, and pass through every byte of the file. For a discussion of possible alternatives, I asked a question about that a few months back: Performance-oriented way to protect files on PHP level?
这篇关于如何动态密码保护文件(图像、视频、zip)不受公开并只允许成员访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!