我试图阻止直接访问我的ftp服务器上的rar文件,方法是使用htaccess并将其重定向到他们可以登录并在成功登录后访问该文件的页面。我这样设置了这个:
htaccess的:
RewriteEngine on
Redirect /Downloads/file1.rar /loginAuth1.php
Redirect /Downloads/file2.rar /loginAuth2.php
loginAuth1:
if(isset($_POST['username']) && isset($_POST['password'])){
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, md5($_POST['password']));
$result = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'") or die(mysqli_error($con));
if(mysqli_num_rows($result) < 1){
header("Location: loginAuth1.php?error=incorrect-password");
}
while($row = mysqli_fetch_array($result)){
if($password != $row['password']){
header("Location: loginAuth1.php?error=incorrect-password");
}elseif($row['status'] == "0"){
header("Location: loginAuth1.php?error=banned");
}else{
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $row['email'];
$_SESSION['rank'] = $row['rank'];
header("Location: Downloads\file1.rar");
}
}
}
loginAuth2:
if(isset($_POST['username']) && isset($_POST['password'])){
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, md5($_POST['password']));
$result = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'") or die(mysqli_error($con));
if(mysqli_num_rows($result) < 1){
header("Location: loginAuth2.php?error=incorrect-password");
}
while($row = mysqli_fetch_array($result)){
if($password != $row['password']){
header("Location: loginAuth2.php?error=incorrect-password");
}elseif($row['status'] == "0"){
header("Location: loginAuth2.php?error=banned");
}else{
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $row['email'];
$_SESSION['rank'] = $row['rank'];
header("Location: Downloads\file2.rar");
}
}
}
检查用户是否成功登录并停止重定向的最佳方法是什么,用户可以下载该文件?
感谢。
答案 0 :(得分:1)
更好的方法是检查身份验证,然后只返回rar文件内容的八位字节流,并在成功时设置标头类型,大小和文件名。这样您就不需要重定向到不受保护的文件。见https://stackoverflow.com/a/8485963/7361251