Web应用程序 - 限制对上载文件的访问

时间:2021-05-02 16:02:05

I have a problem. I am developing a web application and will be uploaded files for the staff (ie: resume, criminal record check, etc). These files get a name that includes the time, name of staff and type of file similar to: John_Doe_Resume_12-12-12-16:36:23.PDF. So all the files will be in a directory, so this file could be accessed directly by inputting the file path into the browser.

我有个问题。我正在开发一个Web应用程序,并将上传员工的文件(即:简历,犯罪记录检查等)。这些文件的名称包括时间,人员姓名和文件类型,类似于:John_Doe_Resume_12-12-12-16:36:23.PDF。因此所有文件都将位于目录中,因此可以通过将文件路径输入浏览器来直接访问此文件。

I still need to be able to access these files from within the PHP web application to download when I need them. One possible solution I thought of was to store the file information in mysql but this would be a lot of work and extra server load.

我仍然需要能够从PHP Web应用程序中访问这些文件,以便在需要时下载。我想到的一个可能的解决方案是将文件信息存储在mysql中,但这将是很多工作和额外的服务器负载。

Is there a way to restrict access to a directory so only the PHP web application can access them? (ie: so people cannot directly input the file url to download)

有没有办法限制对目录的访问,所以只有PHP Web应用程序可以访问它们? (即:所以人们不能直接输入文件url下载)

1 个解决方案

#1


0  

You have to put

你必须把

deny from all

in your .htaccess file. Put this file in the directory you which to be unreachable by direct url. Your php scripts will be able to get in the directory since .htaccess is influencing apache

在.htaccess文件中。将此文件放在直接URL无法访问的目录中。你的php脚本将能够进入目录,因为.htaccess正在影响apache

In php you do

在PHP你做

$filename = "yourfilename.pdf";
$filepath = "./../rel_path_to_restricted_folder/";


if(file_exists($filepath . $filename))
{
    header('Content-disposition: attachment; '. $filename);
    header('Content-type: ' . mime_content_type($filepath . $filename));
    readfile($filepath . $filename);
}
else
{

    echo("File not found"); 
}

Voilà ;)

Voilà;)

#1


0  

You have to put

你必须把

deny from all

in your .htaccess file. Put this file in the directory you which to be unreachable by direct url. Your php scripts will be able to get in the directory since .htaccess is influencing apache

在.htaccess文件中。将此文件放在直接URL无法访问的目录中。你的php脚本将能够进入目录,因为.htaccess正在影响apache

In php you do

在PHP你做

$filename = "yourfilename.pdf";
$filepath = "./../rel_path_to_restricted_folder/";


if(file_exists($filepath . $filename))
{
    header('Content-disposition: attachment; '. $filename);
    header('Content-type: ' . mime_content_type($filepath . $filename));
    readfile($filepath . $filename);
}
else
{

    echo("File not found"); 
}

Voilà ;)

Voilà;)