我目前正在使用此代码隐藏下载链接,但它为某些用户提供了未完成的下载。我不知道为什么,但有太多用户向我报告这个问题。 我目前的代码是:
file = "../".$realFileName;
$fakeFileName= 'Upbaz.ir-'.base64_decode($_GET['ffname']);
$fp = fopen($file, 'rb');
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=$fakeFileName");
header("Content-Length: " . filesize($file));
fpassthru($fp);
任何人都知道隐藏下载链接的其他方法吗?
答案 0 :(得分:1)
增加脚本时间运行eq
@set_time_limit(120);
答案 1 :(得分:1)
此脚本将处理文件的下载,它包含缓冲区/不同的ext类型(如果需要)。隐藏链接的一种好方法是将文件放在受保护的目录中,并将链接存储在数据库中。用户看到绑定到文件的ID或会话,服务器找到该文件并提供服务。
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "txt":
header("Content-type: application/txt"); // add here more headers for diff. extensions
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a download
break;
default:
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\"");
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
.htaccess保护目录(你应该只有这些文件的目录
deny from all
以上脚本已修改为您的:
$file = "../".$realFileName;
$fakeFileName= 'Upbaz.ir-'.base64_decode($_GET['ffname']);
if ($fd = fopen ($file, "r")) {
$fsize = filesize($file);
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"$fakename\"");
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);