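Simple login for private user files

Time: 2011-06-01 13:39:14

Tags: php login passwords

I want to create a simple login, with just a few hard-coded username/password combinations, that gives access to individual private directories of files I have uploaded. (mysite.com/user1/, mysite.com/anotheruser/...)

Below are the contents of my mylogin.php.

What methods do I have to "password protect" the files so that they can only be downloaded from this page and by their respective user? The information won't be very sensitive, but it should be somewhat secure.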

<?php   //List of users and their passwords
$users = array(
    "myusername" => "mYpaSSw0rd2011",
    "anothername" => "password2"
);?>

<html>
<head><title>Private Login</title></head>
<body>

    <form method="POST" action="mylogin.php">
      Username: <input type="text" name="username" size="15" /><br />
      Password: <input type="password" name="password" size="15" /><br />
      <input type="submit" value="Login" />
    </form>

<?php //check username:password combo
if ( isset($_POST["username"]) && $_POST["username"] != "" && isset($users[$_POST["username"]]) && ($users[$_POST["username"]] === $_POST["password"]) ) {
    //*******************************************************
    //list (private) files in mysite.com/username's directory
    //*******************************************************    
}?>

</body></html>

2 Answers:

Answer 0: (score: 2)

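You will find this very useful:

header('Content-disposition: attachment; filename.pdf');

Just read the file (e.g. with readfile), dump the data and set the header to attachment.

Store the originals somewhere that is not accessible over HTTP (or protect them with HTACCESS).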

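Answer 1: (score: 0)

I thought it might be appropriate to post the code I ended up using, for future reference. I ended up splitting the project into 3 different files (plus the users' directories).

In the users' directories, I placed .htaccess files with <Files *>Deny from all</Files> so that their files are protected.

Also, I know some of what I did is pretty poor. I started out using sessions, but I had a hard time getting them to work correctly. You can see some remnants in the code. Any help refactoring would be appreciated.

I removed some of the markup to make the code below more readable.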

==================================================================
index.php=========================================================
==================================================================

    <form method="POST" action="userview.php">
      Username: <input type="text" name="username" size="15" /><br />
      Password: <input type="password" name="password" size="15" /><br />  
      <input type="submit" value="Login" />
    </form>

==================================================================    
userview.php======================================================
==================================================================

<?php 
    //List of users and their passwords
    $users = array(
        "myusername" => "mYpaSSw0rd2011",
        "anothername" => "password2",
    );

    //Check posted user:pass & start session (or die on mismatch)
        //****Session currently doesn't carry over to download.php.  I am re-posting username with a hidden form field****
    if ( isset($_POST["username"]) && $_POST["username"] != "" && isset($users[$_POST["username"]]) && ($users[$_POST["username"]] === $_POST["password"])) {
        session_start();
        $_SESSION['user'] = $_POST["username"];
    } else die("incorrect login");
?>

<html><head><title><?php echo $_POST["username"] ?>'s Files</title></head><body>
<h1>Contents of <?php echo $_POST["username"] ?>'s Directory:</h1>

<?php 
    $handle = opendir( $_SESSION['user'] . '/' );
    if ($handle) { //display directory contents within a radio button list.
        echo '<form method="POST" action="download.php">';
        echo '<input type="hidden" name="user" value="' . $_SESSION['user'] . '">';
        echo '<fieldset>';
        while (false !== ($file = readdir($handle))) {
            if (substr($file, 0, 1) !== ".")
                echo 
                    "<label><input type=\"radio\" name=\"dlfile\" value=\"$file\" /> $file",  "</label><br />\n";
        }
        closedir($handle);
        echo '</fieldset><br /><input type="submit" value="Download" /></form>' , "\n\n";
    } else die("error:  Please contact administrator");
?>
</body></html>

==================================================================
download.php======================================================
==================================================================

<?php 
if ( isset($_POST['user']) && isset($_POST['dlfile'])) {
    $file = $_POST['user'] . "/" . $_POST['dlfile'];
    if (file_exists($file)) {
        header('Content-Description: File Transfer');
        header('Content-Type: text/plain');
        header('Content-Disposition: attachment; filename='.basename($file));
        header('Content-Transfer-Encoding: binary');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file));
        ob_clean();
        flush();
        readfile($file);
        exit;
    }
} 

?>
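
Added example, not part of the original answer: the download.php above never calls session_start() and builds the path from the user and dlfile form fields, so this sketch takes the user from $_SESSION and confines the served file to that user's directory. PRIVATE_ROOT and resolve_download() are hypothetical names, and the files are assumed to be stored outside the web root.

```php
<?php
// download.php (added example): serve a file only to the logged-in owner.
// Assumption: userview.php already called session_start() and set $_SESSION['user'].
// Assumption: PRIVATE_ROOT is a hypothetical directory outside the web root.
const PRIVATE_ROOT = '/srv/private-files';

// Return the real path of $name inside $userDir, or null if it is not a regular file there.
function resolve_download(string $userDir, string $name): ?string
{
    $base = realpath($userDir);
    if ($base === false) {
        return null;
    }
    // basename() drops any directory components from the requested name.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    // realpath() resolves symlinks; require the result to stay under $base.
    if ($path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

session_start(); // must run in every script that reads $_SESSION
if (!isset($_SESSION['user'])) {
    http_response_code(403);
    exit('not logged in');
}
if (!isset($_POST['dlfile']) || !is_string($_POST['dlfile'])) {
    http_response_code(400);
    exit('no file selected');
}

// The directory comes from the session, never from a form field.
$userDir = PRIVATE_ROOT . DIRECTORY_SEPARATOR . basename($_SESSION['user']);
$path = resolve_download($userDir, $_POST['dlfile']);
if ($path === null) {
    http_response_code(404);
    exit('file not found');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . addcslashes(basename($path), '"\\') . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

With this in place the hidden user field in userview.php is no longer needed, and the per-directory .htaccess becomes a second layer rather than the only control.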