PHP - 保护数字下载
我正在研究如何保护 PHP 中的数字下载.只需要一些大致的方向,这样我就可以开始我的研究.我似乎找不到任何有用的东西.
I'm trying figure out how I can protect digital downloads in PHP. Just need some general directions so I can start my research. I don't seem to be able to find anything useful.
我想让我的用户可以下载文件,但不希望他们能够直接访问下载文件夹.另外,我希望下载链接只能在设定的时间段内或单次下载内使用.
I want to make files available for my users to download but don't want them to be able to directly access a download folder. Also, I want the download link to be available only for set period of time or a single download.
有人能指出我正确的方向吗?
Could some one point me in the right direction?
推荐答案
最好的方法是在您检查后将下载管理委托给 apache 的 mod
The best way is to delegate the download managment after your check to the mod for apache
x_sendfile
https://tn123.org/mod_xsendfile/
用法:
<?php
...
if ($user->isLoggedIn())
{
header("X-Sendfile: $path_to_somefile");
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename="$somefile"");
exit;
}
?>
<h1>Permission denied</h1>
<p>Login first!</p>
基本上,当您发送标头 X-Sendfile 时,mod 会拦截该文件并为您管理下载(该文件可以随时位于虚拟主机之外).
Basically when you send the header X-Sendfile the mod intercepts the file and manages the download for you (the file can be located whenever you want outside the virtualhost).
否则你可以只实现一个简单的文件download.php,它获取文件的id并在登录检查后用readfile
打印内容
Otherwise you can just implement a simple file download.php that gets the id of the file and prints the contents with readfile
after the login check
相关文章