认证/拒绝访问目录中的文件用PHP [英] Authentication / Denying access to files in directory with php

问题描述

我有一个登录用户可以上传和访问文件的目录。某些文件是公开的，其他是私人 - 仅供内部访问。文件名和访问设置保存在数据库中。

I have a directory of files that logged-in users can upload to and access. Some of the files are public, and others are private - for internal access only. The filenames and access settings are saved in a database.

任何人可以给我一些资源或告诉我如何我可以使用会话数据为例（与htaccess的？），以允许私人文件只能访问经过授权的用户？

Can anybody give me some resources or show me an example of how i can use session data (and .htaccess?) to allow access of private files only to authorized users?

我想这可能是更容易保持公开文件在一个单独的，无保护的目录，但我想那种喜欢把一切融合在一起。

I'm thinking it might be easier to keep public documents in a seperate, unprotected directory, though i'd kind of like to keep everything together.

我不关心顶级的安全性和加密，文件是不是非常敏感，但我想保持他们在搜索引擎等被索引。

I'm not concerned about top-level security or encryption, as the files aren't terribly sensitive, but i want to keep them from being indexed on search engines, etc.

谢谢！

推荐答案

我想我不会用的.htaccess的（或任何类型的HTTP认证）的为：的.htaccess /。当你想允许/拒绝访问整个目录，而不是特定的文件htpasswd的是巨大的。

I suppose I wouldn't use a .htaccess (or any kind of HTTP-authentication) for that : .htaccess / .htpasswd are great when you want to allow/deny access to a whole directory, and not to specific files.

结果
相反，我会：

Instead, I would :

• 拒绝对文件进行任何访问 - 即使用的.htaccess 文件，其中包含从所有拒绝
  
  
  
  • 这样的话，没有人可以访问文件
  
  
  • 这意味着每个人都将用另一种方式来获得的文件，不是直接的URL。
  
  
  • Deny any access to the files -- i.e. use a .htaccess file, containing Deny from All
    • That way, no-one has access to the file
    • Which means everyone will have to use another way to get to the files, than a direct URL.
    
    
    • 收到的文件标识符的（文件名，例如;或一些标识符可以对应于文件）的
    
    
    • 验证用户的（有一些登录/密码字段）的，与存储在数据库中的数据
    
    
    • 如果用户是有效的，并已获得该文件的（这是不同的，如果用户没有访问同一组文件）的，阅读文件从PHP内容脚本，并把它的用户。
    
    
    • receive a file identifier (a file name, for instance ; or some identifier that can correspond to the file)
    • authenticate the users (with some login/password fields), against the data stored in the database
    • if the user is valid, and has access to the file (This is if different users don't have access to the same set of files), read the content of the file from your PHP script, and send it the the user.

    的好处是，你的PHP脚本可以访问DB - 这意味着它可以让用户登录，注销，它可以使用会话，...

    The advantage is that your PHP script has access to the DB -- which means it can allow users to log-in, log-out, it can use sessions, ...

    结果
    关于从PHP发送文件，这里有几个问题，可能带来一些轻：

    
    About the "send the file from PHP", here are a couple of questions that might bring some light :

    
    
    • Sending用PHP下载脚本
    正确的文件大小
    
    • Resumable下载使用PHP时，发送文件？
    
    
    • 迫使用php文件下载
    
    
    • Sending correct file size with PHP download script
    • Resumable downloads when using PHP to send the file?
    • forcing a file download with php

    这篇关于认证/拒绝访问目录中的文件用PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！