我正在使用如下的php文件代码列出目录中的文件,用户将从中检查所需文件并将其下载为zip文件
我有2个问题
1)如何使用url保护文件免受直接下载我希望只使用通过downloadlist.php的表单操作下载文件(如果我在.htaccess中保留denyall,则下载的文件已损坏)
2)此代码还显示列表中的.htaccess供下载(所以我怀疑他们是一种只列出文档,xls,pdf的方法)
如果需要,我可以提供downloadlist.php
<?php
function listDir($dirName)
{
?><form name="filelist" action="downloadList.php" method="POST"><?php echo "\n";
if ($handle = opendir($dirName)) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") { ?> <input type=checkbox name="file[]" value="<?php echo "$file";?>"><?php echo "$file"; ?><br><?php echo "\n";
}
}
closedir($handle);
}
?><br><input type="submit" name="formSubmit" value="Zip and download" /></form><?php
}
listDir('./fold'); ?>
downloadlist.php
<?php
// function download($file) downloads file provided in $file
function download($file) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
$files = $_POST['file'];
if(empty($files))
{
echo("You haven't selected any file to download.");
}
else
{
$zip = new ZipArchive();
$filename = time() . "archive.zip"; //adds timestamp to zip archive so every file has unique filename
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { // creates new zip archive
exit("Cannot open <$filename>\n");
}
$N = count($files);
for($i=0; $i < $N; $i++)
{
$zip->addFile($files[$i], $files[$i]); //add files to archive
}
$numFiles = $zip->numFiles;
$zip->close();
$time = 8; //how long in seconds do we wait for files to be archived.
$found = false;
for($i=0; $i<$time; $i++){
if($numFiles == $N){ // check if number of files in zip archive equals number of checked files
download($filename);
$found = true;
break;
}
sleep(1); // if not found wait one second before continue looping
}
if($found) { }
else echo "Sorry, this is taking too long";
} ?>
答案 0 :(得分:1)
将此添加到您的htaccess文件中:
<FilesMatch "\.php$">
allow from all
</FilesMatch>
deny from all
更改
($file != "." && $file != "..")
要
($file != "." && $file != ".." && $file != ".htaccess")
或者,如果您只想列出具有特定扩展名的文件:
((substr($file, -strlen(".pdf")) === ".pdf" ||
(substr($file, -strlen(".xls")) === ".xls" ||
(substr($file, -strlen(".doc")) === ".doc")
答案 1 :(得分:1)
在.htacccess目录中的fold文件中添加此行!
deny from all
编辑此行:
$zip->addFile($files[$i], $files[$i]); //add files to archive
要:
$zip->addFile('./fold/'.$files[$i], $files[$i]); //add files to archive
listDir功能:
<?php
function listDir($dirName)
{
$forbidden_files=array('.htaccess','.htpasswd');
$allow_ext=array('.gif','.png','.bmp','.jpeg','.jpg','.pdf','.doc','.docx','.xls','.xlsx','.php');
?><form name="filelist" action="downloadList.php" method="POST"><?php echo "\n";
if ($handle = opendir($dirName)) {
while (false !== ($file = readdir($handle)) ) {
$allowed=(strpos($file,'.')!==false && in_array(substr($file,strpos($file,'.')) ,$allow_ext ));
if ($file != "." && $file != ".." && $allowed ) { ?> <input type=checkbox name="file[]" value="<?php echo "$file";?>"><?php echo "$file"; ?><br><?php echo "\n";
}
}
closedir($handle);
}
?><br><input type="submit" name="formSubmit" value="Zip and download" /></form><?php
}
listDir('./fold'); ?>