当前位置：文江博客话题详情

如何防止显示文件位置？

发布于 2024-11-25 05:39:37 字数 68 浏览 1 评论 0原文

我允许用户将文档上传到服务器。但是，我不希望他们明显看到文件的存储位置。我能做什么才能让他们仍然获取文件但看不到文件位置。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

笑梦风尘 2024-12-02 05:39:37

您可以使用 PHP 查询来完成此操作，假设您使用以下 URL：

http://mysite.com/files.php?file=xyz.pdf

在 files.php 中，您可以检查 get 变量文件并使用硬编码函数来检索该文件。您可以通过多种方式执行此操作，其中之一是使用标头强制下载或将文件读入 var 并将其内容打印到页面。例如，像 pdf 一样，读取文件并将其打印到页面与将其链接到文件相同。

但警告：与使用标题一样，除了文件之外，不会将任何内容打印到页面上。我还建议您在阅读文件并打印文件时仍然声明标题，这样最终用户就不会得到文件源（即 jpg 或 pdf）的冗长内容。

哦不，我忘记了标题警告，自从 Adobe 为 PDF 开源制作 ISO 以来，我一直遇到标题问题，具体取决于生成 PDF 的应用程序以及用户从中上传 PDF 的浏览器，标头可以是以下任何内容：

'application/pdf', 'application/x-download','application/octet-stream','application/octet','binary/octet-stream'

所以要小心地将上传部分硬编码为标头类型，我知道这个问题是关于下载的，但我只是想我会把它扔在那里。另外，使用标题进行下载并不重要，我会简单地使用那里的标准应用程序/pdf。

You can use a PHP query to accomplish this, lets say you use the following URL:

http://mysite.com/files.php?file=xyz.pdf

In files.php you can check the get variable file and have a hard coded function that retrieves the file. You can do this many ways one by using headers to force a download or read the file into a var and print it's contents to the page. For say like a pdf reading the file and printing it to the page is the same as linking it to the file.

warning though: like with using headers do not print anything to the page except the file. I also recommend declairing you headers still if you read the file and print it so that the end user will not get the gobbly goop that is the source of the file i.e. jpg or pdf.

Oh no, I forgot a header warning, I have been running into a header problem ever since Adobe made the ISO for PDF's open source, depending on the application that produced the PDF and the browser from which the user is uploading the PDF from, the header will be anything from:

'application/pdf', 'application/x-download','application/octet-stream','application/octet','binary/octet-stream'

so be careful hard coding the upload section to a header type, I know this question is about downloads but i just thought i would throw that in there. Also using headers for downloads doesn't matter I would simply use the standard application/pdf there.

回复收藏 0 原文

爺獨霸怡葒院 2024-12-02 05:39:37

有几种方法可以做到这一点，但我更喜欢使用 .htaccess

所以我的链接看起来像 http://example.com/files/filename.zip
url 中的额外参数可以使用用户名或密码，例如：

 http://example.com/files/bob/filename.zip

 http://example.com/files/18d52c/filename.zip

然后可以根据数据库进行检查，看看是否允许用户下载该特定文件，就像付款后即时下载一样。但这是一个基本方法会像这样：

.htaccess

RewriteRule ^files/(.*)$ serve.php?file=$1

serve.php

<?php 
 if(isset($_GET['file'])){
    $file=basename($_GET['file']);
    //Protect the index.php && serve.php
    if(basename($_GET['file'])=='index.php' || basename($_GET['file'])=='serve.php'){
        header("HTTP/1.1 403 Forbidden");die();
    }
    $downloadFolder="original_location/";
    if(file_exists($downloadFolder.$file)){

        $fsize = filesize($downloadFolder.$file);
        $ctype=finfo_file(finfo_open(FILEINFO_MIME_TYPE), $downloadFolder.$file);

        if(ini_get('zlib.output_compression'))
        ini_set('zlib.output_compression', 'Off');

        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false);
        if(strstr($_SERVER["HTTP_USER_AGENT"],"MSIE")==false) {
            header("Content-Type: application/force-download");
            header('Content-Description: File Transfer');
        }else{
            header("Content-Type: $ctype");
        }
        header("Content-Disposition: attachment; filename=\"".basename($file)."\";" );
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".$fsize);

        ob_clean();
        flush();
        readfile('original_location/'.$file);
    }else{
        header("HTTP/1.0 404 Not Found");
    }
    die();
 }
 header("HTTP/1.0 404 Not Found");
?>

original_location/index.php

header("HTTP/1.1 403 Forbidden");

There are a few ways todo this but i prefer using .htaccess

So my link would look like http://example.com/files/filename.zip
extra parameters within the url could be used a username or password like:

 http://example.com/files/bob/filename.zip

 http://example.com/files/18d52c/filename.zip

Then thos could be checked against a database to see if user is allowed to download that specific file, much like you would use for instant downloads after payment.. but a basic method would be like so:

.htaccess

RewriteRule ^files/(.*)$ serve.php?file=$1

serve.php

<?php 
 if(isset($_GET['file'])){
    $file=basename($_GET['file']);
    //Protect the index.php && serve.php
    if(basename($_GET['file'])=='index.php' || basename($_GET['file'])=='serve.php'){
        header("HTTP/1.1 403 Forbidden");die();
    }
    $downloadFolder="original_location/";
    if(file_exists($downloadFolder.$file)){

        $fsize = filesize($downloadFolder.$file);
        $ctype=finfo_file(finfo_open(FILEINFO_MIME_TYPE), $downloadFolder.$file);

        if(ini_get('zlib.output_compression'))
        ini_set('zlib.output_compression', 'Off');

        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false);
        if(strstr($_SERVER["HTTP_USER_AGENT"],"MSIE")==false) {
            header("Content-Type: application/force-download");
            header('Content-Description: File Transfer');
        }else{
            header("Content-Type: $ctype");
        }
        header("Content-Disposition: attachment; filename=\"".basename($file)."\";" );
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".$fsize);

        ob_clean();
        flush();
        readfile('original_location/'.$file);
    }else{
        header("HTTP/1.0 404 Not Found");
    }
    die();
 }
 header("HTTP/1.0 404 Not Found");
?>

original_location/index.php