i want to protect direct download (copy/paste link)on my website. I am sending the download link in email, link is like it is currently accessible on direct link entry ,but i want it to work only when email link is clicked and I know this can be done by checking the session variables but problem is that i do not have any login modules.
2条回答 默认 最新
- donglu2761 2016-05-26 23:08关注
You could create a special access token based on the client's IP if they have to download it within the same session.
e.g.
$downloadKey = md5($filename . '_' . $_SERVER['REMOTE_ADDR']); $_SESSION[$downloadKey] = $downloadKey; // Include download link with key=$downloadKey
Then the PHP code that handles the download of the ZIP can re-hash the client IP and filename requested to see if it matches the session value. If they match then the download can proceed.
$request = md5($requestedFilename . '_' . $_SERVER['REMOTE_ADDR']); if (isset($_SESSION[$request]) && file_exists($requestedFilename)) { { // stream file unset($_SESSION[$request]); } else { // 401 unauthorized }
This is assuming the zip file is not visible from the web already and that you are opening and streaming it from a PHP script.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
- ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站
- ¥50 成都蓉城足球俱乐部小程序抢票
- ¥15 yolov7训练自己的数据集
- ¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)(相关搜索:51单片机|单片机|测试代码)
- ¥15 电力市场出清matlab yalmip kkt 双层优化问题
- ¥30 ros小车路径规划实现不了,如何解决?(操作系统-ubuntu)
- ¥20 matlab yalmip kkt 双层优化问题
- ¥15 如何在3D高斯飞溅的渲染的场景中获得一个可控的旋转物体
- ¥88 实在没有想法,需要个思路