通过 PHP 保护 zip + SQL
无需深入了解网站其余部分的太多细节,我有一个非常标准的用户设置,其中包含用户表、ID、名称、密码等。有些用户是“免费”用户,有些用户是通过 paypal 付费的,这是由“user_premium”表为 1 或 0。
我想要做的是仅允许在用户有高级版的情况下下载 zip 文件。显然,如果他们不这样做,我可以隐藏页面上的链接,但他们仍然可以直接访问domain.com/myfile.zip。
我尝试阻止通过 htaccess 直接访问 zip,并在 PHP 脚本中使用 fpassthru 来访问该文件,例如(动态示例代码)
if($user->can_download()) { $fp = fopen('myfile.zip', 'rb'); header("Content-Type: application/zip"); fpassthru($fp); } else { redirect('domain.com/premium.html'); }
但是每次都会出现内存耗尽错误(文件为 4GB)。
还有其他办法解决这个问题吗?
Without going in to, too much detail about the rest of the site I have a pretty standard user setup with a users table, id, name, password etc. Some users are "free" users and some have paid through paypal this is set by the "user_premium" table as a 1 or 0.
What I want to do is only allow the download of a zip file if the user has premium. Obviously I can hide the link on my pages if they don't, but they can still access domain.com/myfile.zip directly.
I tried blocking direct access to the zip via htaccess and used fpassthru in a PHP script to get access to the file e.g. (on the fly example code)
if($user->can_download()) { $fp = fopen('myfile.zip', 'rb'); header("Content-Type: application/zip"); fpassthru($fp); } else { redirect('domain.com/premium.html'); }
However I got memory exhausted errors each time (the file is 4GB).
Is there another way around this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您应该考虑使用 Apache
mod_xsendfile
而不是fopen
。使用 xsendfile,您可以使用 HTTP 标头进行响应,其中包含服务器上文件的路径,Apache 会直接将该文件获取并提供给用户的浏览器,从而允许您的 PHP 脚本完成执行。您可以在此处找到有关
mod_xsendfile
的入门指南:http://codeutopia.net/blog/2009/03/06/sending-files-better-apache-mod_xsendfile-and-php/You should look into using Apache
mod_xsendfile
instead offopen
. Withxsendfile
, you respond with an HTTP header with the path to the file on your server, which Apache scoops up and serves the file to the user's browser directly, allowing your PHP script to complete execution.You can find a great guide for getting started with
mod_xsendfile
here: http://codeutopia.net/blog/2009/03/06/sending-files-better-apache-mod_xsendfile-and-php/来自 php 文档中的注释。
From comments in the php doc.