(I know this is probably a simple question to answer, but I don't know how to do it. Sorry if this has been asked before.)
What I want. I want a list of links to files that are located on the server. The files are documents (pdf files). I understand how to use PHP to restrict access to the list of links, but one could just enter the direct link to the files in the browser and download the files. So I want to have the PHP file password protected (the list of links) and have people only enter the password once.
What I have. So far I have documents.php (found on the internet):
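<?php
// Credentials as posted: the password is stored as an unsalted MD5 hash.
$username = "name";
$password = "5f4dcc3b5aa765d61d8327deb882cf99";
// Default to empty strings so the first (GET) request does not read undefined indexes.
$postedUser = isset($_POST['txtUsername']) ? $_POST['txtUsername'] : '';
$postedPass = isset($_POST['txtPassword']) ? $_POST['txtPassword'] : '';
if ($postedUser !== $username || md5($postedPass) !== $password) {
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" id="txtUsername" /></p>
<p><label for="txtPassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" id="txtPassword" /></p>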
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
}
else {
?>
<p>Link to documents</p>
<p><a href="http://example.com/folder/file.pdf">file.pdf</a></p>
<?php
}
?>
But with this a person could just access the file from the browser with the direct link: http://example.com/folder/file.pdf.
How do I prevent this?
(I am comfortable with PHP and javascript and basic HTML) Thanks, Thomas
2 solutions
#1
2
Mediate access to the files through php
Put the documents outside your webroot and keep a named array of the paths to them in your php file. When the client asks for a file by name (after you've authenticated them), look the file's path up in the array, and read the file from the filesystem, then output its contents back to them.
This is what readfile is designed for.
#2
3
Similar to quasistoic's answer - except use your web server (eg. Apache or nginx) to provide a protected/internal URL for the PDF files (so not just a static URL within your webroot), and then use the X-Sendfile (or if on nginx the X-Accel-Redirect) header to send the file without having to stream the file through PHP.
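A sketch of the approach from both answers, as an added example that is not code from the thread: a `download.php` that serves only allow-listed files stored outside the webroot, and only to a logged-in session. It assumes PHP 7.1+, that documents.php calls `session_start()` and sets `$_SESSION['authenticated'] = true` after a successful login (a hypothetical session key), and that the PDFs live in `/var/www/private_docs` (a hypothetical path).

```php
<?php
// download.php: added example. Session key, directory and document names are assumptions.
session_start();

const DOC_DIR = '/var/www/private_docs';   // hypothetical directory outside the webroot
const USE_XSENDFILE = false;               // true only if mod_xsendfile is set up for DOC_DIR

// Named array from answer #1: public name => file on disk. Nothing else can be served.
const DOCUMENTS = [
    'file' => 'file.pdf',
];

// Return the absolute path for a requested name, or null if it is not allow-listed.
function resolve_document(?string $name): ?string
{
    if ($name === null || !array_key_exists($name, DOCUMENTS)) {
        return null;
    }
    $path = DOC_DIR . '/' . DOCUMENTS[$name];
    return (is_file($path) && is_readable($path)) ? $path : null;
}

// Authentication is checked on every download, not just on the page listing the links.
if (empty($_SESSION['authenticated'])) {
    http_response_code(403);
    exit('Please log in first.');
}

// The client supplies only a name; the path always comes from the array above.
$requested = (isset($_GET['doc']) && is_string($_GET['doc'])) ? $_GET['doc'] : null;
$path = resolve_document($requested);
if ($path === null) {
    http_response_code(404);
    exit('No such document.');
}

header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('X-Content-Type-Options: nosniff');

if (USE_XSENDFILE) {
    header('X-Sendfile: ' . $path);        // answer #2: the web server sends the file
} else {
    header('Content-Length: ' . filesize($path));
    readfile($path);                       // answer #1: PHP streams the file
}
```

The link in documents.php then becomes `download.php?doc=file` instead of the direct URL. Because the session carries the login state, the password is entered once per session.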