0

I have created a web applicaiton/site where people are required to log and are able to access some files to view (PDFs).

My issue is I as I am storing these files on the server, in a documentation folder people can access the files directly without having to log in (if they know the random url for example www.example.com/documentation/example1.pdf).

I am using sessions to control if they are logged in or not, but how can i prevent direct access to people just hotlinking the direct link if they are not logged in or have an open session?

If i set the permissons via filezilla, it restricts all access regardless if they are logged in or not.

Can anyone provide advice on a solution I could take for this?

Thanks

4

1 回答 1

0

禁止公开访问该文件夹。只需在文件夹中创建一个 .htaccess 文件并将其放入其中:

Order Allow,Deny
Deny From All

接下来制作一个脚本来检查用户是否登录并提供文件。

它看起来像这样:

...
if (userLoggedIn()) {
   header('Content-disposition: attachment; filename= ' . $_GET['file']);
   header('Content-type: application/pdf');
   readfile($path . $_GET['file']);
}
...

在这种情况下,您的用户需要发出类似www.example.com/download.php?file=example1.pdf的请求,而不是www.example.com/documentation/example1.pdf

于 2013-10-09T22:32:52.637 回答