拒绝直接访问pdf文件,但允许用户登录时使用

时间:2017-06-02 10:43:56

标签: php .htaccess file

我的php应用程序有点问题,我有一个名为&#34的文件夹; my_files"在这里我在许多目录中有很多pdf。 内部" my_files"目录我把这个htaccess行拒绝直接访问表单url(工作正常):

Order Deny,Allow
Deny from all

在我的根项目中,我把这个php文件(get_file.php)只允许为登录成员下载pdf:

if( !empty( $_GET['pdf_name'] ) ) {
  // check if user is logged    
 if( is_user_logged_in() ){
    $pdf_name = preg_replace( '#[^-\w]#', '', $_GET['pdf_name'] );
    $pdf_folder = {$_SERVER['DOCUMENT_ROOT']}/docs/en;
    $fic = "{$pdf_folder}/{$pdf_name}.pdf";
    if( file_exists( $fic ) ){
        header( 'Cache-Control: public' );
        header( 'Content-Description: File Transfer' );*/
        header( 'Content-Type: application/pdf');
        header( "Content-Disposition: attachment; filename={$fic}" );
        header( 'Content-Transfer-Encoding: binary' );
        readfile( $fic );
        exit;
    }
  }
} else {
    die( "ERROR: you don't have permissions to download it." );
}

当我访问此网址时:

myappdomaindotcom/get_file.php?pdf_name=STUDENTS

浏览器返回:

This web page is not available
ERR_INVALID_RESPONSE
有人可以帮帮我吗?目的是禁止文件直接访问,但仅允许登录成员。

更新

在浏览器控制台上我得到了这个回复: 为什么我有数据:image ????

browser console

UPDATE V2

我更改了一些代码以添加引用但是我得到了相同的结果,该文件确实存在,但控制台返回相同的失败状态。

if( !empty( $_GET['pdf_name'] ) ) {
  // check if user is logged    
  if( is_user_logged_in() ) {


    $pdf_name = preg_replace( '#[^-\w]#', '', $_GET['pdf_name'] );
    $pdf_folder = "{$_SERVER['DOCUMENT_ROOT']}/docs/en";
    $pdf_file   = "{$pdf_folder}/{$pdf_name}.pdf";
    echo $pdf_file;
    if( file_exists( $pdf_file ) )
    {

        header( 'Cache-Control: public' );
        header( 'Content-Description: File Transfer' );
        header( 'Content-Type: application/pdf');
        header( "Content-Disposition: attachment; filename={$pdf_file}" );
        header( 'Content-Transfer-Encoding: binary' );
        readfile( $pdf_file ); 

    }
  }
} else {
    die( "ERROR: you don't have permissions to download it." );
}

更新V3工作

我终于通过这篇文章解决了它:solution,下面是最终代码:

if( !empty( $_GET['pdf_name'] ) ) {

 // check if user is logged    
 if( is_user_logged_in() ) {

    $proxiedDirectory   = "{$_SERVER['DOCUMENT_ROOT']}/xxxx/";
    $filename           = $_GET['pdf_name'];
    $file               = $proxiedDirectory.$filename.'.pdf';
    $basename           = basename($file);

    if( file_exists($file) ){
        $fp = fopen($file, 'rb');

        header("Content-Type: application/pdf", true, 200); //May need to determine mime type somehow
        header("Content-Disposition: attachment; filename={$basename}");
        header('Cache-Control: public');
        readfile($file);
        exit();
    }

}

} else { die( "ERROR: you don't have permissions to download it." );}

谢谢你的帮助,但我还有一个问题:是否可以打开pdf而不是下载?

1 个答案:

答案 0 :(得分:0)

试试此代码

错误行此$ pdf_folder = {$ _SERVER ['DOCUMENT_ROOT']} / docs / en;不是字符串。

if( !empty( $_GET['pdf_name'] ) ) {
  // check if user is logged    
 if( is_user_logged_in() ){
    $pdf_name = preg_replace( '#[^-\w]#', '', $_GET['pdf_name'] );
    $pdf_folder = "{$_SERVER['DOCUMENT_ROOT']}/docs/en";
    $fic = "{$pdf_folder}/{$pdf_name}.pdf";
    if( file_exists( $fic ) ){
        header( 'Cache-Control: public' );
        header( 'Content-Description: File Transfer' );*/
        header( 'Content-Type: application/pdf');
        header( "Content-Disposition: attachment; filename={$fic}" );
        header( 'Content-Transfer-Encoding: binary' );
        readfile( $fic );
        exit;
    }
  }
} else {
    die( "ERROR: you don't have permissions to download it." );
}
相关问题
最新问题