我正在尝试屏蔽包含其他服务器域和一些身份验证值的下载链接。问题是每当加载 download.php 页面时,它会下载一个未知文件,其中包含未知文件名中的所有身份验证值。知道如何解决这个问题吗?
下面是验证码和服务器链接。
$sharedSecret = "xxxxxxxxxxxxxxxxxxxxxx";
$transactionId = "test001";
$resourceId = "urn:uuid:xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx";
$linkURL = "http://acs4.editionguard.com/fulfillment/URLLink.acsm";
$orderSource = "xxxxxx@example.com";
// Create download URL
$URL = "action=enterorder&ordersource=".urlencode($orderSource)."&orderid=".urlencode($transactionId)."&resid=".urlencode("$resourceId")."&dateval=".urlencode($dateval)."&gblver=4";
// Digitally sign the request
$URL = $linkURL."?".$URL."&auth=".hash_hmac("sha1", $URL, base64_decode($sharedSecret));
下面是我用来生成下载的 php 代码。
<?php
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: application/force-download; name=\"". $URL ."\"");
header("Content-Length: " .(string)(filesize($URL)) );
header('Content-Disposition: attachment; filename="'.basename($URL).'"');
readfile($URL);
?>