如何只允许特权用户使用 php 下载 pdf?
假设我的服务器上存储了一些 pdf 文件,我只想允许付费的人下载特定的 pdf 文件。
举个例子,假设我有一堆电子书。用户能够下载电子书 A 的唯一方法是他的帐户包含该特定书籍的正确凭据。
实现这一目标的最佳方法是什么?
非常感谢任何有关如何改进我的想法的想法/建议!
我当前的想法:
用户下订单
成功后,将出现一个新文件夹 由他们创造的 /account_num/order_id/ 的副本 特定文件将存储在 此目录
- 让 php 生成一个 .htaccess 只允许从 url 访问 包含嵌入的随机哈希 进入其中。
- 用户能够的唯一方法 访问这个随机散列页面是如果 他们以正确的用户身份登录, 并且哈希值与哈希值匹配 存储在数据库中,否则 他们被重定向到主页。
Lets say I have some pdf files stored on my server and I only want to allow a person who's paid have access to download a particular pdf.
So for an example, let's say I have a bunch of e-books. The only way a user would be able to download e-book A is if his account contains the right credentials for that particular book.
What's the best way to accomplish this?
Any ideas/advice on how to improve my idea are greatly appreciated!
My current idea:
A user places an order
Upon success, a new folder would be
created by their
/account_num/order_id/ A copy of the
particular file would be stored in
this directory- Have php generate an .htaccess that
would only allow access from a url
that contains a random hash embedded
into it. - The only way a user would be able to
access this random hashed page is if
they are signed in as the right user,
and the hash matches up with the hash
stored in the database, otherwise
they are redirected to home page.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
将 PDF 存储在文档根目录下。当有人想要下载 A.pdf 时,将他们引导至 PHP 页面,例如:
download.php?file=A.pdf
。编写 download.php 页面来检查请求用户的权限,如果权限足够好,则强制下载 A.pdf。Store the PDFs below the document root. When someone wants to download say, A.pdf, direct them to a PHP page like:
download.php?file=A.pdf
. Write that download.php page to check the requesting user's privileges, and force a download of A.pdf if their privileges are good enough.1) 将 PDF 保存在文档根目录之外,这样就没有人可以通过浏览器直接访问它们
2) 让 PHP 页面提供 PDF 文件,这样访问它们的唯一方法就是成功登录并验证,这在每个下载中强制执行
通过 PHP 下载文件的代码(请务必擦洗输入):
1) Keep the PDFs located outside of your document root so no one can acess them directly through a browser
2) Have a PHP page serve up the PDF file so the only way to get to them is by being successfully logged in and verified and this is enforced on every download
Code for downloading file though PHP (please be sure to scrub input):
将 PDF 存储在文档根目录之外(如果由于某些蹩脚的托管设置而无法实现,请将它们存储在难以猜测的地方)。
检查用户是否具有权限,然后执行以下操作:
您可能需要进一步调整标头,但这是基本想法。
Store the PDFs outside the document root (if not possible because of some lame hosting setup, store them someplace hard to guess).
Check that the user has permission, and then do something like:
You might need to adjust the headers further, but that's the basic idea.