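I'm a bit confused. I have a website (Apache) in root/website, and on my home page there is an authentication form; when it is submitted, the server checks against LDAP whether the user can be authenticated or not.
If successful, the user should be redirected to a view of the 'root/website/filestoview' folder and be able to navigate/download within it.
- How do I implement the redirect when the user is authenticated, and deny any attempt like www.mysite.com/filestoview? I tried htaccess:
    order deny,allow
    allow from localhost
    deny from all
  but it didn't work.
- How can I display content (FTP files, with the possibility to navigate/download) in a folder that is outside my website root? I tried ../../folder2 from the root, but it keeps redirecting to the home page.
Thanks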
Allow authorized users to browse and download files outside public_html
<?php
// Allow authorized users to browse and download files outside public_html
// http://stackoverflow.com/users/1310701/hex494d49

session_start();
// assumption: your LDAP login code stored the authenticated user in the session
$user = isset($_SESSION["user"]) ? $_SESSION["user"] : null;

if(is_user_authorized($user)){
    // at this point the user has been authorized
    // this is the protected directory; it is outside of public_html
    $home = $dir = '/home/user-root/member-area/';

    // prevent hacking :)
    // resolve "..", "." and symlinks first, then require the result to sit under $home;
    // a substring test alone would also accept $home . "../../etc/passwd"
    $handle = isset($_GET["handle"]) ? realpath($_GET["handle"]) : false;
    if($handle !== false && strpos($handle . "/", $home) === 0){
        if(is_dir($handle)){
            $dir = $handle . "/";
        }else if(is_file($handle)){
            // let user download the file
            download_file($handle);
        }
    }

    // add <back> link if we are within some sub-directory
    echo ($dir != $home) ? "<a href='?handle=" . urlencode(dirname($dir)) . "'>back</a><br />" : "";

    // scan directory
    $entries = scandir($dir);
    $length = count($entries);
    for($i = 0; $i < $length; $i++){
        if($entries[$i] != "." && $entries[$i] != "..") {
            // encode the path for the URL and escape the name for HTML output
            echo "<a href='?handle=" . urlencode($dir . $entries[$i]) . "'>" . htmlspecialchars($entries[$i]) . "</a><br />";
        }
    }
}else{
    // user isn't authorized to view the content so
    // redirect her/him to something entertaining :)
    header("Location: https://disneyland.disney.go.com");
    exit; // stop here so nothing else runs after the redirect
}

// -----
function is_user_authorized($user){
    // ... your authorization code
    return ($user) ? true : false;
}

// -----
function download_file( $file_name ){
    if(!file_exists($file_name)) return false;
    header("Content-Description: File Transfer");
    header("Content-Type: application/octet-stream");
    // the parameter name is "filename"; quotes are stripped so the value stays well-formed
    header('Content-Disposition: attachment; filename="' . str_replace('"', '', basename($file_name)) . '"');
    header("Content-Transfer-Encoding: binary");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Pragma: public");
    header("Content-Length: " . filesize($file_name));
    // only clean the output buffer if one is active
    if(ob_get_level()) ob_clean();
    flush();
    readfile($file_name);
    exit;
}
?>
Further improvements: add file type and file size, encode/decode the handle with base64, improve security
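
The containment check on `handle`, as an added example that is not part of the original answer: it runs a substring test of the kind `strpos(...) !== false` next to a `realpath()`-based check over a constructed directory tree. `resolve_handle()`, the relative-handle convention and the temp-directory layout are assumptions made for this demo.

```php
<?php
// Added example, not the answer author's code. resolve_handle() is a hypothetical helper.

// Map a client-supplied handle (a path relative to $base) to a real path,
// or return false when it does not exist or resolves outside $base.
function resolve_handle(string $base, string $handle) {
    $base = realpath($base);
    if ($base === false) return false;            // base missing: refuse everything
    $real = realpath($base . DIRECTORY_SEPARATOR . $handle);
    if ($real === false) return false;            // target does not exist
    // the trailing separator keeps "member-area-old" from matching "member-area"
    $inside = strpos($real . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR) === 0;
    return $inside ? $real : false;
}

// Constructed sample tree under the system temp directory.
$root = sys_get_temp_dir() . "/handle-demo-" . uniqid();
mkdir("$root/member-area/docs", 0700, true);
mkdir("$root/member-area-old", 0700, true);
file_put_contents("$root/member-area/docs/report.txt", "ok");
file_put_contents("$root/member-area-old/secret.txt", "no");
file_put_contents("$root/outside.txt", "no");
symlink("$root/outside.txt", "$root/member-area/link.txt"); // symlink pointing out of the area

$base  = "$root/member-area";
$cases = [
    "docs",                            // directory inside the area
    "docs/report.txt",                 // file inside the area
    "../outside.txt",                  // parent traversal
    "docs/../../outside.txt",          // traversal hidden behind a valid prefix
    "../member-area-old/secret.txt",   // sibling directory sharing the name prefix
    "link.txt",                        // symlink escaping the area
];

printf("%-32s %-10s %s\n", "handle", "substring", "realpath");
foreach ($cases as $h) {
    // substring test: only asks whether the base string occurs in the requested path
    $substring = strpos("$base/$h", $base) !== false;
    $resolved  = resolve_handle($base, $h);
    printf("%-32s %-10s %s\n", $h,
        $substring ? "allowed" : "rejected",
        $resolved === false ? "rejected" : "allowed");
}
```

Passing handles relative to the base also keeps absolute server paths out of the generated links.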