I am having a personal portfolio website and i have a some pdf files like
我有一个个人作品集网站,我有一些pdf文件像
<a href="file.pdf">Some file</a>
I dont want everyone to download the file, and i want it to protect it with password,so that i can share it with only the people i know
我不希望每个人都下载这个文件,我希望它用密码保护它,这样我就可以只和我认识的人分享了
where only the person who gives the correct password is able to download my file
只有给出正确密码的人才能下载我的文件
Note: 1. since its a personal portfolio website it do not have any "LOGIN's"
2. I have designed the webpage with HTML as a responsive code
注意:1。由于它是一个个人投资组合网站,它没有任何“登录的”2。我用HTML设计了网页作为响应代码。
Your suggestions please, any way of doing it without .htaccess ??
请问您的建议,没有。htaccess怎么办?
4 个解决方案
#1
1
Use MySQL or MySQLite - depending on your preference - and store the link to the PDF in the database. Then use a script such as download.php. Store a password for the file in the database and require the user to enter it before the file is downloaded. If you're unfamiliar with databases you COULD do it all in PHP.
使用MySQL或sqmylite(取决于您的喜好),并在数据库中存储到PDF的链接。然后使用一个脚本,比如download.php。在数据库中存储文件的密码,并要求用户在下载文件之前输入该密码。如果你不熟悉数据库,你可以用PHP来做。
A VERY rough mockup (Without a database, if you are familiar with dbs, adjust accordingly)
一个非常粗略的模型(没有数据库,如果您熟悉dbs,请相应地进行调整)
HTML Form
HTML表单
<form name="download" id="download" method="post" action="download.php">
<input type="password" id="password" name="password" />
<input type="submit" id="submit" value="Download" />
</form>
PHP (download.php)
PHP(download.php)
<?php
// Get the password
$pw = md5($_POST['password']);
// Compare against the stored password
$valid_pw = md5("your password you want to use");
if($pw != $valid_pw){
echo "Error! You do not have access to this file";
}else{
header("Location: /path/to/your/file.pdf");
}
?>
NOTES:
注:
I used an extremely basic method of encrypting the password. I would research better methods if this was my application but for the sake of brevity and ease of understanding, I used a simple md5() hash comparison.
我使用了一种非常基本的加密密码的方法。如果这是我的应用程序,我将研究更好的方法,但是为了简洁和易于理解,我使用了一个简单的md5()散列比较。
#2
4
You need to use a php file to feed the file through where the pdf files are stored in a NON PUBLIC folder.
您需要使用一个php文件来通过将pdf文件存储在非公共文件夹中的位置来提供该文件。
For example, put your pdfs in a non public accessible directory, let's say: /home/pdfs/
例如,将pdfs放在非公共可访问的目录中,例如:/home/pdfs/
And your PHP script in a public accessble directory, let's say: /home/public_html/
而PHP脚本位于公共可访问目录中,例如:/home/public_html/
Inside the script in the public directory put:
在公共目录中的脚本中放置:
if (isset($_GET('password')) {
die('wrong password');
}
if ($_GET['password'] != 'mypass') {
die('wrong password');
}
$file="/home/pdfs/test.pdf";
header("Pragma: public");
header('Content-disposition: attachment; filename='.$file);
header("Content-type: ".mime_content_type($file));
header('Content-Transfer-Encoding: binary');
ob_clean();
flush();
readfile($file);
Use GET values to determine the file to download, but to ensure better security only allow .pdf extensions, strip all other periods and slashes to prevent them from traversing the directories of your server and being given important security files containing passwords etc!!! To be even safer still only name your pdf files using characters a-z 0-9 and - or _
使用GET值来确定要下载的文件,但是为了确保更好的安全性,只允许.pdf扩展名,删除所有其他期间和斜杠,以防止它们遍历服务器的目录,并获得包含密码的重要安全文件等等!更安全的是,仍然只使用字符a-z 0-9和-或_命名您的pdf文件
And then when you wish to download a file craft the correct URL to the script above, and ensure the pdf file exists in the non public directory.
然后,当您希望下载一个文件时,请创建上面脚本的正确URL,并确保pdf文件存在于非公共目录中。
#3
3
Follow @rsmith84's tips but make sure you block folder access:
遵循@rsmith84的提示,但要确保阻止文件夹访问:
Apache .htaccess file
Apache . htaccess文件
Deny from all
IIS web.config file
IIS web。配置文件
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="Administrators" />
</authorization>
</security>
</system.webServer>
Thenh allow delivery only with a PHP file. Verify user and then do readfile('/protectd/file/path') from your protected folder.
只有PHP文件才允许交付。验证用户,然后从受保护文件夹做readfile('/protectd/file/path')。
#4
2
Create a php file say, download.php and link to that file instead.
You can check for correct password there, and if it's correct, you can write the contents of the PDF file to the response.
创建一个php文件说,下载。php和链接到那个文件。您可以在那里检查正确的密码,如果是正确的,您可以将PDF文件的内容写入响应。
#1
1
Use MySQL or MySQLite - depending on your preference - and store the link to the PDF in the database. Then use a script such as download.php. Store a password for the file in the database and require the user to enter it before the file is downloaded. If you're unfamiliar with databases you COULD do it all in PHP.
使用MySQL或sqmylite(取决于您的喜好),并在数据库中存储到PDF的链接。然后使用一个脚本,比如download.php。在数据库中存储文件的密码,并要求用户在下载文件之前输入该密码。如果你不熟悉数据库,你可以用PHP来做。
A VERY rough mockup (Without a database, if you are familiar with dbs, adjust accordingly)
一个非常粗略的模型(没有数据库,如果您熟悉dbs,请相应地进行调整)
HTML Form
HTML表单
<form name="download" id="download" method="post" action="download.php">
<input type="password" id="password" name="password" />
<input type="submit" id="submit" value="Download" />
</form>
PHP (download.php)
PHP(download.php)
<?php
// Get the password
$pw = md5($_POST['password']);
// Compare against the stored password
$valid_pw = md5("your password you want to use");
if($pw != $valid_pw){
echo "Error! You do not have access to this file";
}else{
header("Location: /path/to/your/file.pdf");
}
?>
NOTES:
注:
I used an extremely basic method of encrypting the password. I would research better methods if this was my application but for the sake of brevity and ease of understanding, I used a simple md5() hash comparison.
我使用了一种非常基本的加密密码的方法。如果这是我的应用程序,我将研究更好的方法,但是为了简洁和易于理解,我使用了一个简单的md5()散列比较。
#2
4
You need to use a php file to feed the file through where the pdf files are stored in a NON PUBLIC folder.
您需要使用一个php文件来通过将pdf文件存储在非公共文件夹中的位置来提供该文件。
For example, put your pdfs in a non public accessible directory, let's say: /home/pdfs/
例如,将pdfs放在非公共可访问的目录中,例如:/home/pdfs/
And your PHP script in a public accessble directory, let's say: /home/public_html/
而PHP脚本位于公共可访问目录中,例如:/home/public_html/
Inside the script in the public directory put:
在公共目录中的脚本中放置:
if (isset($_GET('password')) {
die('wrong password');
}
if ($_GET['password'] != 'mypass') {
die('wrong password');
}
$file="/home/pdfs/test.pdf";
header("Pragma: public");
header('Content-disposition: attachment; filename='.$file);
header("Content-type: ".mime_content_type($file));
header('Content-Transfer-Encoding: binary');
ob_clean();
flush();
readfile($file);
Use GET values to determine the file to download, but to ensure better security only allow .pdf extensions, strip all other periods and slashes to prevent them from traversing the directories of your server and being given important security files containing passwords etc!!! To be even safer still only name your pdf files using characters a-z 0-9 and - or _
使用GET值来确定要下载的文件,但是为了确保更好的安全性,只允许.pdf扩展名,删除所有其他期间和斜杠,以防止它们遍历服务器的目录,并获得包含密码的重要安全文件等等!更安全的是,仍然只使用字符a-z 0-9和-或_命名您的pdf文件
And then when you wish to download a file craft the correct URL to the script above, and ensure the pdf file exists in the non public directory.
然后,当您希望下载一个文件时,请创建上面脚本的正确URL,并确保pdf文件存在于非公共目录中。
#3
3
Follow @rsmith84's tips but make sure you block folder access:
遵循@rsmith84的提示,但要确保阻止文件夹访问:
Apache .htaccess file
Apache . htaccess文件
Deny from all
IIS web.config file
IIS web。配置文件
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="Administrators" />
</authorization>
</security>
</system.webServer>
Thenh allow delivery only with a PHP file. Verify user and then do readfile('/protectd/file/path') from your protected folder.
只有PHP文件才允许交付。验证用户,然后从受保护文件夹做readfile('/protectd/file/path')。
#4
2
Create a php file say, download.php and link to that file instead.
You can check for correct password there, and if it's correct, you can write the contents of the PDF file to the response.
创建一个php文件说,下载。php和链接到那个文件。您可以在那里检查正确的密码,如果是正确的,您可以将PDF文件的内容写入响应。