如何使用php阻止公开的文件下载？ [英] How do I prevent public downloads of files using php?

问题描述

我有一个脚本，只允许授权用户将文件上传到某个文件夹。

I have a script that allows only authorised users to upload files to a certain folder.

然而，我不知道如何防止人们自由下载，而无需登录。

However I do not know how to prevent people from downloading freely without login.

我需要PHP中的解决方案。

I need the solution in php.

我已经google了，但还没有直截了当。

I have googled around but nothing straight forward as yet.

目前在我的文档根目录中有一个文件夹在管理员中称为管理员和一个名为uploads的子文件夹。所以只有管理角色才能上传。编辑和管理员都可以下载。在这种情况下应该怎么办？

Currently in my document root I have a folder called admin and a subfolder called uploads inside the admin. So only admin role can upload. Both editor and admin can download. What should I do in this case?

请指教。

推荐答案

将文件放在公共webroot目录之外的某个地方，或将服务器配置为不提供文件。只要您的服务器将乐意为一切提供有效的URL服务，您就无法使用PHP来防止这种情况。

Put the files somewhere outside the public webroot directory, or configure your server to not serve the files. As long as your server will happily serve everything with a valid URL, there's nothing you can do with PHP to prevent that.

如果您的文件位于 / public_html / 文件夹中，请将其从该文件夹中取出，并将它们放在 / secret_files / ，所以你的目录结构看起来像这样：

If your files are in the /public_html/ folder, take them out of that folder and place them in e.g. /secret_files/, so your directory structure looks something like this:

public_html/
    index.html
    admin/
        admin_index.php
secret_files/
    my_secret_file.txt

网络服务器仅配置为在 / public_html / 目录中提供文件，因此没有人可以访问目录 （技术术语 ）

The webserver is only configured to serve files in the /public_html/ directory, so nobody will have access to directories outside (technical term above) it.

为了仍然允许某人下载这些文件，请以cletus建议和使用 readfile 通过PHP手动提供文件脚本。 PHP仍然可以访问文件系统的这些其他部分，因此您可以将其用作守门人。

To still enable somebody to download those files, do as cletus suggests and use readfile to "manually serve" the files via a PHP script. PHP will still have access to these other parts of the file system, so you can use it as a gatekeeper.

这篇关于如何使用php阻止公开的文件下载？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！