真的可以隐藏网址吗?

时间:2014-05-31 19:43:38

标签: php .htaccess url-rewriting

我有一个网址

filemgr.php

当用户导航到所述文件管理器的较低级别时,它显示为

filemgr.php#userfiles/username/Images

有没有办法让它显示为

filemgr.php

显示其余的网址?

我对.htaccess编辑和php代码持开放态度。

此Jquery用于显示子级别:

function renderFileRow(data) {

    var $link = $('<a class="name" />')
    .attr('href', data.is_dir ? '#' + data.path : './'+data.path)
    .text(data.name);
    var $dl_link = $('<a/>').attr('href','?do=download&file='+encodeURIComponent(data.path))
    .addClass('download').text('download');
    var $delete_link = $('<a href="#" />').attr('data-file',data.path).addClass('delete').text('delete');
    var perms = [];
    if(data.is_readable) perms.push('read');
    if(data.is_writable) perms.push('write');
    if(data.is_executable) perms.push('exec');
    var $html = $('<tr />')
    .addClass(data.is_dir ? 'is_dir' : '')
    .append( $('<td class="first" />').append($link) )
    .append( $('<td/>').attr('data-sort',data.is_dir ? -1 : data.size)
    .html($('<span class="size" />').text(formatFileSize(data.size))) )
    .append( $('<td/>').attr('data-sort',data.mtime).text(formatTimestamp(data.mtime)) )
    .append( $('<td/>').text(perms.join('+')) )
    .append( $('<td/>').append($dl_link).append( data.is_deleteable ? $delete_link : '') )
    return $html;

}

这是PHP代码:

setlocale(LC_ALL,'en_US.UTF-8');

$tmp = realpath($_REQUEST['file']);
if($tmp === false)
err(404,'File or Directory Not Found');
if(substr($tmp, 0,strlen(__DIR__)) !== __DIR__)
err(403,"Forbidden");

if(!$_COOKIE['_sfm_xsrf'])
setcookie('_sfm_xsrf',bin2hex(openssl_random_pseudo_bytes(16)));
if($_POST) {
if($_COOKIE['_sfm_xsrf'] !== $_POST['xsrf'] || !$_POST['xsrf'])
err(403,"XSRF Failure");
}
$file = $_REQUEST['file'] ?: './userfiles/'.htmlentities($_SESSION['username']);



if($_GET['do'] == 'list') {
if (is_dir($file)) {
$directory = $file;
$result = array();
$files = array_diff(scandir($directory), array('.','..'));
foreach($files as $entry) if($entry !== basename(__FILE__)) {
     $i = $directory . '/' . $entry;
$stat = stat($i);
$result[] = array(
'mtime' => $stat['mtime'],
'size' => $stat['size'],
'name' => basename($i),
'path' => preg_replace('@^\./@', '', $i),
'is_dir' => is_dir($i),
'is_deleteable' => (!is_dir($i) && is_writable($directory)) ||
(is_dir($i) && is_writable($directory) && is_recursively_deleteable($i)),
'is_readable' => is_readable($i),
'is_writable' => is_writable($i),
'is_executable' => is_executable($i),
);
}
} else {
err(412,"Not a Directory");
}
echo json_encode(array('success' => true, 'is_writable' => is_writable($file), 'results' =>$result));
exit;
} elseif ($_POST['do'] == 'delete') {
rmrf($file);
exit;
} elseif ($_POST['do'] == 'mkdir') {
chdir($file);
@mkdir($_POST['name']);
exit;
} elseif ($_POST['do'] == 'upload') {
var_dump($_POST);
var_dump($_FILES);
var_dump($_FILES['file_data']['tmp_name']);
var_dump(move_uploaded_file($_FILES['file_data']['tmp_name'], $file.'/'.$_FILES['file_data']['name']));
exit;
} elseif ($_GET['do'] == 'download') {
$filename = basename($file);
header('Content-Type: ' . mime_content_type($file));
header('Content-Length: '. filesize($file));
header(sprintf('Content-Disposition: attachment; filename=%s',
strpos('MSIE',$_SERVER['HTTP_REFERER']) ? rawurlencode($filename) : "\"$filename\"" ));
ob_flush();
readfile($file);
exit;
}
function rmrf($dir) {
if(is_dir($dir)) {
$files = array_diff(scandir($dir), array('.','..'));
foreach ($files as $file)
rmrf("$dir/$file");
rmdir($dir);
} else {
unlink($dir);
}
}
function is_recursively_deleteable($d) {
$stack = array($d);
while($dir = array_pop($stack)) {
if(!is_readable($dir) || !is_writable($dir))
return false;
$files = array_diff(scandir($dir), array('.','..'));
foreach($files as $file) if(is_dir($file)) {
$stack[] = "$dir/$file";
}
    }
    return true;
    }

    function err($code,$msg) {
    echo json_encode(array('error' => array('code'=>intval($code), 'msg' => $msg)));
    exit;
    }

    function asBytes($ini_v) {
    $ini_v = trim($ini_v);
    $s = array('g'=> 1<<30, 'm' => 1<<20, 'k' => 1<<10);
    return intval($ini_v) * ($s[strtolower(substr($ini_v,-1))] ?: 1);
    }

    $MAX_UPLOAD_SIZE = min(asBytes(ini_get('post_max_size')), asBytes(ini_get('upload_max_filesize')));

1 个答案:

答案 0 :(得分:2)

一个解决方案,而不是通过htaccess或其他方式隐藏网址,是做一个1页的网站。当用户单击链接时,文件只是included进入当前页面,和/或页面使用AJAX进行修改,以便用户永远不会离开页面,并且URL永远不会更改。

例如,如果有人点击链接&#34;显示我的图像&#34;,该链接是一个jquery按钮,它运行$.get功能,抓取图像,并将其显示在页面,没有离开页面。

http://api.jquery.com/jquery.get/

相关问题
最新问题