dpik71879 2010-02-24 17:32
浏览 61
已采纳

使用php验证/拒绝访问目录中的文件

I have a directory of files that logged-in users can upload to and access. Some of the files are public, and others are private - for internal access only. The filenames and access settings are saved in a database.

Can anybody give me some resources or show me an example of how i can use session data (and .htaccess?) to allow access of private files only to authorized users?

I'm thinking it might be easier to keep public documents in a seperate, unprotected directory, though i'd kind of like to keep everything together.

I'm not concerned about top-level security or encryption, as the files aren't terribly sensitive, but i want to keep them from being indexed on search engines, etc.

thanks!

  • 写回答

2条回答 默认 最新

  • drsc10888 2010-02-24 17:56
    关注

    I suppose I wouldn't use a .htaccess (or any kind of HTTP-authentication) for that : .htaccess / .htpasswd are great when you want to allow/deny access to a whole directory, and not to specific files.


    Instead, I would :

    • Deny any access to the files -- i.e. use a .htaccess file, containing Deny from All
      • That way, no-one has access to the file
      • Which means everyone will have to use another way to get to the files, than a direct URL.
    • Develop a PHP script that would :
      • receive a file identifier (a file name, for instance ; or some identifier that can correspond to the file)
      • authenticate the users (with some login/password fields), against the data stored in the database
      • if the user is valid, and has access to the file (This is if different users don't have access to the same set of files), read the content of the file from your PHP script, and send it the the user.

    The advantage is that your PHP script has access to the DB -- which means it can allow users to log-in, log-out, it can use sessions, ...


    About the "send the file from PHP", here are a couple of questions that might bring some light :

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 如何用stata画出文献中常见的安慰剂检验图
  • ¥15 c语言链表结构体数据插入
  • ¥40 使用MATLAB解答线性代数问题
  • ¥15 COCOS的问题COCOS的问题
  • ¥15 FPGA-SRIO初始化失败
  • ¥15 MapReduce实现倒排索引失败
  • ¥15 ZABBIX6.0L连接数据库报错,如何解决?(操作系统-centos)
  • ¥15 找一位技术过硬的游戏pj程序员
  • ¥15 matlab生成电测深三层曲线模型代码
  • ¥50 随机森林与房贷信用风险模型