我想创建一个简单的登录,只需要几个硬编码的用户名/密码组合,就可以访问我上传的文件的各个私人目录。(mysite.com/user1/,mysite.com/anotheruser/…)
以下是我的mylogin.php.的内容
我有什么方法可以"密码保护"文件,只供从该页面下载,并由其各自的用户下载?这些信息不会非常敏感,但应该在一定程度上是安全的。
<?php //List of users and their passwords
$users = array(
"myusername" => "mYpaSSw0rd2011",
"anothername" => "password2"
);?>
<html>
<head><title>Private Login</title></head>
<body>
<form method="POST" action="mylogin.php">
Username: <input type="text" name="username" size="15" /><br />
Password: <input type="password" name="password" size="15" /><br />
<input type="submit" value="Login" />
</form>
<?php //check username:password combo
if ( isset($_POST["username"]) && $_POST["username"] != "" && ($users[$_POST["username"]] == $_POST["password"])
//*******************************************************
//list (private) files in mysite.com/username's directory
//*******************************************************
}?>
</body></html>
您会发现这非常有用:
标头("内容处置:附件;filename.pdf");
只需读取文件(例如使用readfile),转储数据并将标头设置为附件。
将原件存储在http无法访问的地方(或使用HTACCESS保护它们)。
我认为发布我最终使用的代码以供将来参考可能是合适的。我最终把这个项目分成了3个不同的文件(以及用户的目录)。
在用户目录中,我放置了带有<Files *>Deny from all</Files>的.htaccess文件,以便保护它们的文件。
此外,我知道我在这方面做得很糟糕。我开始使用会话,但我很难让它正常工作。您可以在代码中看到一些残余。任何对重构的帮助都将不胜感激。
我去掉了一些标记,使下面的代码更可读。
==================================================================
index.php=========================================================
==================================================================
<form method="POST" action="userview.php">
Username: <input type="text" name="username" size="15" /><br />
Password: <input type="password" name="password" size="15" /><br />
<input type="submit" value="Login" />
</form>
==================================================================
userview.php======================================================
==================================================================
<?php
//List of users and their passwords
$users = array(
"myusername" => "mYpaSSw0rd2011",
"anothername" => "password2",
);
//Check posted user:pass & start session (or die on mismatch)
//****Session currently doesn't carry over to download.php. I am re-posting username with a hidden form field****
if ( isset($_POST["username"]) && $_POST["username"] != "" && ($users[$_POST["username"]] == $_POST["password"])) {
session_start();
$_SESSION['user'] = $_POST["username"];
} else die("incorrect login");
?>
<html><head><title><?php echo $_POST["username"] ?>'s Files</title></head><body>
<h1>Contents of <?php echo $_POST["username"] ?>'s Directory:</h1>
<?php
$handle = opendir( $_SESSION['user'] . '/' );
if ($handle) { //display directory contents within a radio button list.
echo '<form method="POST" action="download.php">';
echo '<input type="hidden" name="user" value="' . $_SESSION['user'] . '">';
echo '<fieldset>';
while (false !== ($file = readdir($handle))) {
if (substr($file, 0, 1) !== ".")
echo
"<label><input type="radio" name="dlfile" value="$file" /> $file", "</label><br />n";
}
closedir($handle);
echo '</fieldset><br /><input type="submit" value="Download" /></form>' , "nn";
} else die("error: Please contact administrator");
?>
</body></html>
==================================================================
download.php======================================================
==================================================================
<?php
if ( isset($_POST['user']) && isset($_POST['dlfile'])) {
$file = $_POST['user'] . "/" . $_POST['dlfile'];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: text/plain');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
}
}
?>