我会试图找出如何保护目录免受未授权或不autentificated用户下载文件。 预先感谢的。

I'll trying to figure out how to protect directory from unauthorized or not autentificated user to download files. Thank's in advance.

推荐答案

找不到一个很好的重复，而是一个小的搜索将出现的结果是这样的 PHP保护文件夹。

Can't find a good duplicate, but a little search will bring up results like this PHP protect a folder.

有一个简单的方法来限制​​基于使用PHP PHP会话授权文件夹的访问。它需要有效的授权sesssions创建存根文件（并自动予以删除）。在PHP中做的：

There is a simple way to restrict folder access based on PHP session authorization using php. It requires creating stub files for valid authorized sesssions (and automating their deletion). In PHP you do:

if ($user_has_permission_to_download)
{
   touch("tmp/access-" . session_id()); 
}

然后一个简单的重写规则+的RewriteCond能接发球的授权：

Then a simple rewriterule+rewritecond can then serve for authorization:

RewriteCond %{HTTP_COOKIE}        PHPSESSID=(w+)
RewriteCond ../tmp/access-%1      -f 
RewriteRule ^(.+)$  $1  [L]

RewriteRule .+  /deny   [L]

当找到了根据cookie值和第一座允许访问的授权存根文件存在。第二条规则阻止访问的任何人​​。

The first block permits access when the according cookie value is found and an authorization stub file exists. The second rule blocks access for anyone else.