我正在编写一个允许用户从我的网站下载音频的 php 程序。
为此,他们访问www.mysite.com/downloadit.php?file=myfile.mp3,myfile.mp3 的下载将立即开始。
但是有一个问题:我不希望人们能够下载系统文件。我将通过检查是否$_GET['file']
包含子字符串.mp3
或.wav
. 我正在尝试使用strpos
命令执行此操作,但无法使其正常工作。如何检查字符串中的多个子字符串(.mp3 和 .wav)strpos
?或者也许我应该使用不同的命令?请告诉我!
到目前为止,这是我的代码:
$haystack=$_GET['file'];
$resulting = strpos($haystack, ".mp3");
//if found $resulting will equal 1
//if not found $resulting will equal 0
//if $resulting is less than one then it must be 0
if($resulting < 1){
//security breach!
die("Unauthorized");
}
//assuming we passed the last test, everything went well, we will then continue
else{
//code here
}
感谢@DoubleSharp,我现在有了这个完整的代码!!!
//if it is found $resulting will not equal 0
//if it is not found $resulting will equal 0
//echo the result
//echo $resulting;
//add a line break
echo "<br/>";
//if $resulting is less than one then it must be 0
//since it is 0 it must mean that it is a breach!
if (preg_match("~\.(mp3|wav)$~i", $haystack))
{
echo "hi nice file";
}
else
{
die("bad file");
}
?>