Mik*_*ike 4 php pdf access-control download
我正在尝试向网站上的授权用户提供.pdf和.doc文件.用户只能在登录时看到文件选择页面,但这不会阻止未经授权的用户在知道完整URL时查看文档.
如何防止未经授权的用户访问这些文件?
答案很简单,@Jon Stirling在我打字时发布了这个,但我会为你解释一下
一个将您的文件放在公共html目录之外,
EG cpanel设置
user/public_html
/public_html/download.php
user/documents/
/documents/file.doc
/documents/file.pdf
@dhh发布了一个基本的download.phpphp文件,但是你想强行下载他们可以做的事情,比如找到并提供正确的mime类型,这是对他的代码的扩展,以强制下载文件的最佳方式,以及2允许不同的文件类型
的download.php
//check users is loged in and valid for download if not redirect them out
// YOU NEED TO ADD CODE HERE FOR THAT CHECK
// array of support file types for download script and there mimetype
$mimeTypes = array(
'doc' => 'application/msword',
'pdf' => 'application/pdf',
);
// set the file here (best of using a $_GET[])
$file = "../documents/file.doc";
// gets the extension of the file to be loaded for searching array above
$ext = explode('.', $file);
$ext = end($ext);
// gets the file name to send to the browser to force download of file
$fileName = explode("/", $file);
$fileName = end($fileName);
// opens the file for reading and sends headers to browser
$fp = fopen($file,"r") ;
header("Content-Type: ".$mimeTypes[$ext]);
header('Content-Disposition: attachment; filename="'.$fileName.'"');
// reads file and send the raw code to browser
while (! feof($fp)) {
$buff = fread($fp,4096);
echo $buff;
}
// closes file after whe have finished reading it
fclose($fp);
如果你想添加对其他文件的支持,这里的PS是mig类型的abig列表 http://www.hansenb.pdx.edu/DMKB/dict/tutorials/mime_typ.php
| 归档时间: |
|
| 查看次数: |
4513 次 |
| 最近记录: |