File Download Login Protection with Session


Question

I'd like to protect some files with a session Authentication. Some files can be viewed by users, some not.

I've implemented a solution with mod_rewrite and readfile(). My problem is that this function will use a lot of RAM and the server goes down when more users download files.

I tried this:

1) Pass a file through the PHP handler and use the prepend function. It doesn't work because when the prepend PHP file finished, the handler processed the file, and in my case the handler was blocked because of invalid ASCII chars. I couldn't manage to stop the handler from processing but still output the file.
2) Put the session, IP and the folder name in a temporary file, which I tried to check in my nginx.conf to exclude from rewriting. I failed because I was not able to extract only the folder name in nginx into a variable.

How can I solve this problem? Has anyone a suggestion?

Thanks

Recommended answer

If I understand the question correctly, you are trying to create a system that only allows authorised users to view certain files, and other users to view other files.

If my understanding is correct, then I would personally store the files above the root or in a secure location, and then have an access script (such as fetch_file.php) with a unique identifier in the URL (e.g. fetch_file.php?uid=1234).

If the user is authorised to access the file with the unique id of 1234, provide the file from the location details within the database, otherwise deny the request.

This way, the user can not access the file without the correct permissions, as it is stored securely above the root which should not be accessible from the internets.
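
The access script the answer describes, as an added example (not code from the question or the answer): the table names, the `user_id` session key, the DSN and the storage path are all assumptions. It closes any open output buffers before calling readfile(), because with output buffering active the file contents accumulate in memory instead of being streamed to the client.

```php
<?php
// fetch_file.php?uid=1234 (added example; schema, session key and paths are assumptions; PHP 8+)
declare(strict_types=1);
const STORAGE_DIR = '/srv/protected_files';        // assumed directory above the web root
const DB_DSN      = 'sqlite:/srv/app/files.sqlite'; // assumed database location

/** Return the real path of file $uid if $userId may read it, otherwise null. */
function authorised_path(PDO $db, int $userId, int $uid): ?string
{
    // Hypothetical schema: files(uid, path) and file_access(user_id, file_uid)
    $stmt = $db->prepare(
        'SELECT f.path FROM files f
           JOIN file_access a ON a.file_uid = f.uid
          WHERE f.uid = :uid AND a.user_id = :user'
    );
    $stmt->execute([':uid' => $uid, ':user' => $userId]);
    $path = $stmt->fetchColumn();
    if ($path === false) {
        return null;
    }
    // Resolve ".." and symlinks, then require the result to stay inside STORAGE_DIR.
    $base = realpath(STORAGE_DIR);
    $real = realpath($base . '/' . $path);
    if ($base === false || $real === false || !str_starts_with($real, $base . '/')) {
        return null;
    }
    return is_file($real) ? $real : null;
}

session_start();
$userId = filter_var($_SESSION['user_id'] ?? null, FILTER_VALIDATE_INT); // set at login
$uid    = filter_input(INPUT_GET, 'uid', FILTER_VALIDATE_INT);
if (!is_int($userId) || !is_int($uid)) {
    http_response_code(403);
    exit;
}
$path = authorised_path(new PDO(DB_DSN), $userId, $uid);
if ($path === null) {
    http_response_code(404);  // same response for "missing" and "not allowed"
    exit;
}
session_write_close();        // release the session lock for the duration of the transfer
while (ob_get_level() > 0) {  // drop output buffers so readfile() streams to the client
    ob_end_clean();
}
header('Content-Type: application/octet-stream');
header('Content-Length: ' . filesize($path));
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the client only ever supplies an integer id, the path on disk comes from the database rather than from the request, and the `realpath()` check rejects any stored path that resolves outside the storage directory.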
