I have uploaded some zip files to my server and now want to allow a user to download them if he/she has an appropriate password. I'm coding in PHP and I've made it so a user cannot access the page with the links to zip files unless the proper password has been entered, but by having a link to my zip file the user could just see and in future cases type in the absolute location of the zip file and bypass my password checks. If I change the file permissions on the zip file then I can't have it as a link because the user won't be able to access it. How can I allow the user to get the zip file while still keeping it secure? Any suggestions would be much appreciated.
3条回答 默认 最新
- dqoys62082 2012-08-23 06:48关注
The best way to do this is to
mask url
.- user logins
- generate a token based on his login details. some
md5
or whatever you decide - create a download link (eg:
download.php
) that load the file based on valid token and session and get's the file withfile_get_contents()
.
解决 无用评论 打赏 举报
悬赏问题
- ¥15 多址通信方式的抗噪声性能和系统容量对比
- ¥15 winform的chart曲线生成时有凸起
- ¥15 msix packaging tool打包问题
- ¥15 finalshell节点的搭建代码和那个端口代码教程
- ¥15 用hfss做微带贴片阵列天线的时候分析设置有问题
- ¥15 Centos / PETSc / PETGEM
- ¥15 centos7.9 IPv6端口telnet和端口监控问题
- ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作
- ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
- ¥20 海浪数据 南海地区海况数据,波浪数据