我会试图找出如何保护目录免受未授权或不autentificated用户下载文件。 预先感谢的。
I'll trying to figure out how to protect directory from unauthorized or not autentificated user to download files. Thank's in advance.
找不到一个很好的重复,而是一个小的搜索将出现的结果是这样的 PHP保护文件夹。
Can't find a good duplicate, but a little search will bring up results like this PHP protect a folder.
有一个简单的方法来限制基于使用PHP PHP会话授权文件夹的访问。它需要有效的授权sesssions创建存根文件(并自动予以删除)。在PHP中做的:
There is a simple way to restrict folder access based on PHP session authorization using php. It requires creating stub files for valid authorized sesssions (and automating their deletion). In PHP you do:
if ($user_has_permission_to_download)
{
touch("tmp/access-" . session_id());
}
然后一个简单的重写规则+的RewriteCond能接发球的授权:
Then a simple rewriterule+rewritecond can then serve for authorization:
RewriteCond %{HTTP_COOKIE} PHPSESSID=(w+)
RewriteCond ../tmp/access-%1 -f
RewriteRule ^(.+)$ $1 [L]
RewriteRule .+ /deny [L]
当找到了根据cookie值和第一座允许访问的授权存根文件存在。第二条规则阻止访问的任何人。
The first block permits access when the according cookie value is found and an authorization stub file exists. The second rule blocks access for anyone else.
上一篇:如何改写搜索引擎友好的URL像计算器计算器、友好、搜索引擎、URL
下一篇:mod_rewrite的用于URL变量,除去空参数和使用多于1field用于第一和第二变量变量、参数、mod_rewrite、URL