当前位置: 文江博客话题详情

表单提交后提供下载服务并进行验证

发布于 2024-12-05 19:18:07 字数 1662 浏览 3 评论 0原文

我在 .php 中一起创建了一个非常简单的下载代码兑换器(感谢这里的帮助),并且我很难弄清楚如果验证成功,提供下载的最佳方式是什么。基本上 -

用户输入无效代码 ->页面刷新并显示错误消息。 用户输入有效代码->给予下载“另存为”->刷新页面。

目前我正在使用 http://www.zubrag.com/scripts/download.php< /a> 来提供文件,但一旦开始下载,我的表单会刷新页面,但只加载一半内容?!

这是我用 PHP 脚本制作的表单。

<div class="dcrForm">
    <p>Have a physical copy of this release? Claim your digital download by entering your Download Code below.</p>
    <form  action="index.php" method="post">
        <input type="text" name="code" class="dcrInput" value="">
        <input type="submit" name="harrisSubmit" class="dcrSubmit" value="Submit">
    </form>
<?php
    include("scripts/dcr_config.php");
    $code="";
    $log="";

    if (isset($_POST['harrisSubmit']))
    {
        $code=$_POST['code'];

        $link = mysql_connect($hostname, $dbusername, $dbpassword);
        mysql_select_db("$databasename");

        $query = "select count from $harris where code='$code'";
        if ($q=mysql_query($query))
            if ($r=mysql_fetch_array($q)){
                if ($r[0]<3)
                {
                    $subquery="update $tbname set count='".($r[0]+1)."' where code='$code'";
                    mysql_query($subquery);
                    ?><script>window.location.href="download.php?f=test.txt";</script><?php
                }
            }
        $log="<p>Invalid code. Try Again.</p>";
    }
    echo $log."";
?>
</div>

有谁知道提供下载服务的最佳方式是什么?我知道目前任何拥有该文件位置的人都可以下载该文件,但我不确定如何保护我

原文

I have created together a pretty simple Download Code redeemer in .php (thanks to help from here) and am having a hard time trying to figure out what the best way to serve a download is if the validation is successful. Basically -

User enters invalid code -> Page is refreshed with error message.
User enters valid code -> Give download 'Save as' -> refresh page.

At the minute I'm using http://www.zubrag.com/scripts/download.php to serve the file but once it has started downloading, my form refreshes the page but only half loads the content?!

This is the form with the PHP script I did.

<div class="dcrForm">
    <p>Have a physical copy of this release? Claim your digital download by entering your Download Code below.</p>
    <form  action="index.php" method="post">
        <input type="text" name="code" class="dcrInput" value="">
        <input type="submit" name="harrisSubmit" class="dcrSubmit" value="Submit">
    </form>
<?php
    include("scripts/dcr_config.php");
    $code="";
    $log="";

    if (isset($_POST['harrisSubmit']))
    {
        $code=$_POST['code'];

        $link = mysql_connect($hostname, $dbusername, $dbpassword);
        mysql_select_db("$databasename");

        $query = "select count from $harris where code='$code'";
        if ($q=mysql_query($query))
            if ($r=mysql_fetch_array($q)){
                if ($r[0]<3)
                {
                    $subquery="update $tbname set count='".($r[0]+1)."' where code='$code'";
                    mysql_query($subquery);
                    ?><script>window.location.href="download.php?f=test.txt";</script><?php
                }
            }
        $log="<p>Invalid code. Try Again.</p>";
    }
    echo $log."";
?>
</div>

Does anyone have an ideas on what the best way to serve the download would be? I know that currently anyone who had the file location could download the file but I'm not sure how I could go about protecting i

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

一袭水袖舞倾城 2024-12-12 19:18:07

我很高兴你已经做到了这一步!

如果您要将用户重定向到下载脚本,则该脚本需要附加某种令牌以防止未经授权的下载,基本上是重新验证给定的代码或令牌。

在上面的脚本中,您可以这样做,而不是输出 javascript 重定向到下载脚本:

<?php

include "scripts/dcr_config.php";
$code = "";
$log  = "";

if (isset($_POST['harrisSubmit'])) {
    $code = trim($_POST['code']);

    $link = mysql_connect ( $hostname, $dbusername, $dbpassword );
    mysql_select_db ( "$databasename" );

    $code = mysql_real_escape_string($code); // very important! protects against exploits

    $query = "select count from $harris where code='$code'";
    if ($q = mysql_query ( $query )) {
        if ($r = mysql_fetch_array ( $q )) {
            if ($r [0] < 3) {
                $subquery = "update $tbname set count='" . ($r [0] + 1) . "' where code='$code'";
                mysql_query ( $subquery );

                $file = '/path/to/protecteddownload.txt';

                // send file to browser as a download dialog
                // no content can be output prior to these header() calls
                header('Content-type: application/octet-stream');
                header('Content-Disposition: attachment; filename="file.txt"');
                header('Content-Length: ' . filesize($file));
                header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
                header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

                echo file_get_contents($file);
                exit; // terminate script
            } else {
                $log = 'Sorry, this code has already been redeemed.';
            }
        } else {
            $log = 'Invalid download code.  Try again.';
        }
    } else {
        // query failed
        $log = 'An error occurred validating your code, please try again later.';
    }

    $log = "<p>Invalid code. Try Again.</p>";
}

?>

<?php if (isset($log) && $log != ''): ?>
<strong class="error"><?php echo $log ?></strong>
<?php endif; ?>

<div class="dcrForm">
<p>Have a physical copy of this release? Claim your digital download by
entering your Download Code below.</p>
<form action="index.php" method="post"><input type="text" name="code"
    class="dcrInput" value=""> <input type="submit" name="harrisSubmit"
    class="dcrSubmit" value="Submit"></form>
</div>

下载脚本可能与我上面的一些脚本类似。
此示例的关键在于您使用 file_get_contents 提供的文件无法从网络访问。仅当输入有效代码时才发送。

I am glad you have made it this far!

If you are going to redirect the user to a download script, that script would need to have some sort of token attached to it as to prevent unauthorized downloads, basically re-verifying the code or token given.

In the above script, instead of outputting the javascript to redirect to the download script you could do this:

<?php

include "scripts/dcr_config.php";
$code = "";
$log  = "";

if (isset($_POST['harrisSubmit'])) {
    $code = trim($_POST['code']);

    $link = mysql_connect ( $hostname, $dbusername, $dbpassword );
    mysql_select_db ( "$databasename" );

    $code = mysql_real_escape_string($code); // very important! protects against exploits

    $query = "select count from $harris where code='$code'";
    if ($q = mysql_query ( $query )) {
        if ($r = mysql_fetch_array ( $q )) {
            if ($r [0] < 3) {
                $subquery = "update $tbname set count='" . ($r [0] + 1) . "' where code='$code'";
                mysql_query ( $subquery );

                $file = '/path/to/protecteddownload.txt';

                // send file to browser as a download dialog
                // no content can be output prior to these header() calls
                header('Content-type: application/octet-stream');
                header('Content-Disposition: attachment; filename="file.txt"');
                header('Content-Length: ' . filesize($file));
                header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
                header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

                echo file_get_contents($file);
                exit; // terminate script
            } else {
                $log = 'Sorry, this code has already been redeemed.';
            }
        } else {
            $log = 'Invalid download code.  Try again.';
        }
    } else {
        // query failed
        $log = 'An error occurred validating your code, please try again later.';
    }

    $log = "<p>Invalid code. Try Again.</p>";
}

?>

<?php if (isset($log) && $log != ''): ?>
<strong class="error"><?php echo $log ?></strong>
<?php endif; ?>

<div class="dcrForm">
<p>Have a physical copy of this release? Claim your digital download by
entering your Download Code below.</p>
<form action="index.php" method="post"><input type="text" name="code"
    class="dcrInput" value=""> <input type="submit" name="harrisSubmit"
    class="dcrSubmit" value="Submit"></form>
</div>

The download script is probably similar to some of what I have above.
The key thing about this example is that the file you are serving with file_get_contents, is not accessible from the web. You only send it when a valid code is entered.

回复 原文
数理化全能战士 2024-12-12 19:18:07

我只有 1 个简单的问题,这个文件有多大?这是否是在将文件读取到浏览器时遇到 php 超时的情况?

您可以使用 php 设置来确认这一点 (http://php.net/manual/en/function.set-time-limit.php)。

只是我的2分钱

I have just 1 quick question, how big is this file? Could this be a case that the php timeout is being experienced while reading the file to the browser?

You could play around with the php settings to confirm this (http://php.net/manual/en/function.set-time-limit.php).

Just my 2 cents

回复 原文
~没有更多了~

关于作者

悲喜皆因你

暂无简介

0 文章
0 评论
837 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文