PHP - 保护数字下载

2022-01-02 00:00:00 download php download-manager

我正在研究如何保护 PHP 中的数字下载.只需要一些大致的方向,这样我就可以开始我的研究.我似乎找不到任何有用的东西.

I'm trying figure out how I can protect digital downloads in PHP. Just need some general directions so I can start my research. I don't seem to be able to find anything useful.

我想让我的用户可以下载文件,但不希望他们能够直接访问下载文件夹.另外,我希望下载链接只能在设定的时间段内或单次下载内使用.

I want to make files available for my users to download but don't want them to be able to directly access a download folder. Also, I want the download link to be available only for set period of time or a single download.

有人能指出我正确的方向吗?

Could some one point me in the right direction?

推荐答案

最好的方法是在您检查后将下载管理委托给 apache 的 mod

The best way is to delegate the download managment after your check to the mod for apache

x_sendfile

https://tn123.org/mod_xsendfile/

用法:

<?php
...
if ($user->isLoggedIn())
{
    header("X-Sendfile: $path_to_somefile");
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename="$somefile"");
    exit;
}
?>
<h1>Permission denied</h1>
<p>Login first!</p>

基本上,当您发送标头 X-Sendfile 时,mod 会拦截该文件并为您管理下载(该文件可以随时位于虚拟主机之外).

Basically when you send the header X-Sendfile the mod intercepts the file and manages the download for you (the file can be located whenever you want outside the virtualhost).

否则你可以只实现一个简单的文件download.php,它获取文件的id并在登录检查后用readfile打印内容

Otherwise you can just implement a simple file download.php that gets the id of the file and prints the contents with readfile after the login check

相关文章