将文件存放在根目录下
从我之前的讨论中,我得出了这样一个事实:如果将文件放在根目录下,它们是安全的。我与为我处理此问题的人交谈,他说如果我们阻止公共访问,那么上传其内容的用户将无法下载或查看他们的文件。给你一个我想做的例子:
如果我,网站的成员上传一个word文件到我的帐户,那么我应该能够回来下载它。但由于该文件夹阻止访问,如何下载该文件呢?
From my previous discussions here i took away the fact that files are secure if you put them under the root. I spoke with the person who handles this for me, he says if we block public access, then users who uploaded their content can't download or view their files. to give you an example of what i am trying to do:
If i, a member of the site upload to my account a word file, then i should be able to come back and download it. But because the folder is blocking access, how can the file then be downloaded?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
通常,您想要下载的文件应该位于文档根目录内或更深的位置。但是,如果您只想在某些时候下载文件(例如,您想首先检查用户凭据,或计算数据库中的下载次数),则可以编写下载脚本。最简单的形式如下:
请注意,有一种更好的方法,使用名为
xsendfile。这样,您可以执行以下操作:Apache 将看到第二个标头,将其剥离并发送 file.txt 的内容。好处是您的资源密集型 PHP 脚本将已经停止,并且您不会遇到任何类型的 PHP 时间或内存限制。
Normally, files that you want to be downloadable should be inside the document root or somewhere deeper inside it. But, if you only want to make files downloadable some of the time (e.g. you want to check user credetials first, or count downloads in a database), you can write a download script. The simplest form would be something like:
Note that there's an even better way using a special Apache module called
xsendfile. With that, you could do something like this:Apache will see the second header, strip it and send the contents of file.txt. The nice thing is that your resource intensive PHP script will already have stopped and you won't be running into any kind of PHP time or memory limits.
显然,您想要下载的文件应该存储在根目录或“之后”中。通常,您不希望其他人直接访问的文件应存储在根目录“下”。这是因为,如果您需要包含这些文件,您可以轻松返回根并使用
include()或require()获取它们,而它们是被用户隐藏,因为您的地址将显示为www.site.com/index.php。必须公开且需要公共访问(例如:下载)的文件不能存储在根目录“下”。
Obliviously files you want to make downloadable should be stored in the root or "after". Usually files you don't want others to access directly should be stored "under" the root. That's because if you need those files just to be included you can easily go back to the root and get them with an
include()or arequire(), while they are hidden by the user since your address will appear aswww.site.com/index.php.Files that have to be public and requires public access (for example: download) cannot be stored "under" the root.
您可以直接从 PHP 脚本将文件传递给用户。您需要 fpassthru 函数。但这个解决方案并不完美,并且会导致问题。我最好让您可以下载的文件放在公共访问目录中的某个位置(文档根目录或子目录中的某个位置)。或者您可以从子域为它们提供服务(甚至更好)。
You can pass files to user directly right from PHP script. You need fpassthru function. But this solution is not perfect and leads to problems. I'd better prefer make you files that should be downloadable to put somewhere in publicly accessed directory (somewhere in document root directory or subdirectory). Or you can serve them from subdomain (even better).