密码保护链接列表*和*密码保护文件访问
(我知道这可能是一个简单的问题,但我不知道该怎么做。很抱歉,如果之前有人问过这个问题。)
我想要什么。我想要位于服务器上的 filse 链接列表。这些文件是文档(pdf 文件)。我了解如何使用 PHP 来限制对链接列表的访问,但只需在浏览器中输入文件的直接链接并下载文件即可。所以我希望对 PHP 文件(链接列表)进行密码保护,并且让人们只输入一次密码。
我所拥有的。到目前为止,我有documents.php(在互联网上找到):
<?php
$username = "name";
$password = "5f4dcc3b5aa765d61d8327deb882cf99";
if ($_POST['txtUsername'] != $username || md5($_POST['txtPassword']) != $password) {
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>
<p><label for="txtpassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
}
else {
?>
<p>Link to documents</p>
<p><a href="http://example.com/folder/file.pdf">file.pdf</a></p>
<?php
}
?>
但是有了这个,人们就可以通过直接链接从浏览器访问该文件:http://example.com/folder/file.pdf。
我该如何预防这种情况?
(我对 PHP 和 javascript 以及基本的 HTML 很熟悉) 谢谢, 托马斯
(I know this is probably a simple question to answer, but I don't know how to do it. Sorry if this has been asked before.)
What I want. I want a list of links to filse that are located on the server. The files are documents (pdf files). I understand how to use PHP to restrict access to the list of links, but one could just enter the direct link to the files in the browser and download the files. So I want to have the PHP file password protected (the list of links) and have people only enter the password once.
What I have. So far I have documents.php (found on the internet):
<?php
$username = "name";
$password = "5f4dcc3b5aa765d61d8327deb882cf99";
if ($_POST['txtUsername'] != $username || md5($_POST['txtPassword']) != $password) {
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>
<p><label for="txtpassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
}
else {
?>
<p>Link to documents</p>
<p><a href="http://example.com/folder/file.pdf">file.pdf</a></p>
<?php
}
?>
But with this a person could just access the file from the browser with the direct link: http://example.com/folder/file.pdf.
How do I prevent a this?
(I am comfortable with PHP and javascript and basic HTML)
Thanks,
Thomas
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
通过 php 介导对文件的访问
将文档放在 Webroot 之外,并在 php 文件中保留它们的路径的命名数组。当客户端按名称请求文件时(在您对它们进行身份验证之后),请在数组中查找文件的路径,并从文件系统中读取该文件,然后将其内容输出回给它们。
这就是 readfile 的设计目的。
Mediate access to the files through php
Put the documents outside your webroot and keep a named array of the paths to them in your php file. When the client asks for a file by name (after you've authenticated them), look the file's path up in the array, and read the file from the filesystem, then output its contents back to them.
This is what readfile is designed for.
与 quasistoic 的答案类似 - 除了使用您的 Web 服务器(例如 Apache 或 nginx)为 PDF 文件提供受保护/内部 URL(因此不仅仅是 Webroot 中的静态 URL),然后使用 X-Sendfile (或者如果在 nginx 上,使用 X-Accel-Redirect) 标头来发送文件,而无需通过 PHP 流式传输文件。
Similar to quasistoic's answer - except use your web server (eg. Apache or nginx) to provide a protected/internal URL for the PDF files (so not just a static URL within your webroot), and then use the X-Sendfile (or if on nginx the X-Accel-Redirect) header to send the file without having to stream the file through PHP.