PHP中的安全文件下载,未经许可拒绝用户 [英] Secure file download in PHP, deny user without permission
问题描述
我正在制作一个网站,您可以在其中购买虚拟点的文件,然后下载它们.我不想让用户不购买就下载文件,所以我必须隐藏它们.我把所有文件都放在一个文件夹中,除了主机之外,没有任何人的许可,问题是有人买了一个文件想要下载它.
I'm making a website where you can buy files for virtual points, and then download them. I don't want to let users download the files without buying it, so I have to hide them. I put all the files in a folder without permission for anyone except host, the problem is when someone buys a file and wants to download it.
我决定制作一个文件获取器,它将检查用户的权限,然后打印出文件内容.到目前为止我的代码:
I decided to make a file getter, that will check permissions of user and then print out the file contents. My code so far:
<?php
require_once('content/requirements.php'); //mysql connections
secure(1); //disconnect unlogged users
if (!isset($_GET['id'])) //if no file id provided
die();
$fid=mysql_real_escape_string($_GET['id']); //file id
$query="SELECT * FROM files WHERE user_id = "$_SESSION['user_id']." AND file_id = ".$id;
$q=mysql_query($query);
if (mysql_num_rows($q)!=1) //if no permission for file or multipe files returned
die();
$file=mysql_fetch_array($q); //file id
$sub=mysql_fetch_array(mysql_query("SELECT * FROM sub WHERE id = ".$file['file_id'])); //payment id
?>
现在,当我确定用户有权执行此操作时,phpScript 应该写入文件内容并发送适当的标头让用户下载.
Now when Im sure the user is authorized to do this, phpScript should write the file contents and send appropiate header to let user download it.
如何逐字节读取文件并打印它以及我应该在 header() 中写什么,以使文件可下载(因此您不必复制粘贴其内容).
How to read file byte-by-byte and print it and what should i write in header(), to make the file downloadable (so you don't have to copypaste its contents).
也许这不是最好的方法,但这是我一段时间以来想到的最好的方法.
Maybe this is not the best way to do this, but it was the best thing I thought of in a while.
感谢您的帮助.
推荐答案
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
这篇关于PHP中的安全文件下载,未经许可拒绝用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
