我在.php中创建了一个非常简单的下载代码赎回程序(感谢这里的帮助),并且我很难弄清楚如果验证成功,提供下载的最佳方式是什么。基本上,
用户输入无效代码->页面刷新并显示错误消息。用户输入有效代码->给出下载'另存为' ->刷新页面。
在分钟我使用http://www.zubrag.com/scripts/download.php服务的文件,但一旦它已经开始下载,我的表单刷新页面,但只有一半加载的内容?!
这是我用PHP脚本编写的表单。
<div class="dcrForm">
<p>Have a physical copy of this release? Claim your digital download by entering your Download Code below.</p>
<form action="index.php" method="post">
<input type="text" name="code" class="dcrInput" value="">
<input type="submit" name="harrisSubmit" class="dcrSubmit" value="Submit">
</form>
<?php
include("scripts/dcr_config.php");
$code="";
$log="";
if (isset($_POST['harrisSubmit']))
{
$code=$_POST['code'];
$link = mysql_connect($hostname, $dbusername, $dbpassword);
mysql_select_db("$databasename");
$query = "select count from $harris where code='$code'";
if ($q=mysql_query($query))
if ($r=mysql_fetch_array($q)){
if ($r[0]<3)
{
$subquery="update $tbname set count='".($r[0]+1)."' where code='$code'";
mysql_query($subquery);
?><script>window.location.href="download.php?f=test.txt";</script><?php
}
}
$log="<p>Invalid code. Try Again.</p>";
}
echo $log."";
?>
</div>
有没有人有最好的下载服务方式的想法?我知道目前任何知道文件位置的人都可以下载文件但我不确定如何保护I
我很高兴你能走到这一步!
如果要将用户重定向到下载脚本,该脚本需要附加某种令牌以防止未经授权的下载,基本上是重新验证给定的代码或令牌。
在上面的脚本中,你可以这样做,而不是输出javascript重定向到下载脚本:<?php
include "scripts/dcr_config.php";
$code = "";
$log = "";
if (isset($_POST['harrisSubmit'])) {
$code = trim($_POST['code']);
$link = mysql_connect ( $hostname, $dbusername, $dbpassword );
mysql_select_db ( "$databasename" );
$code = mysql_real_escape_string($code); // very important! protects against exploits
$query = "select count from $harris where code='$code'";
if ($q = mysql_query ( $query )) {
if ($r = mysql_fetch_array ( $q )) {
if ($r [0] < 3) {
$subquery = "update $tbname set count='" . ($r [0] + 1) . "' where code='$code'";
mysql_query ( $subquery );
$file = '/path/to/protecteddownload.txt';
// send file to browser as a download dialog
// no content can be output prior to these header() calls
header('Content-type: application/octet-stream');
header('Content-Disposition: attachment; filename="file.txt"');
header('Content-Length: ' . filesize($file));
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
echo file_get_contents($file);
exit; // terminate script
} else {
$log = 'Sorry, this code has already been redeemed.';
}
} else {
$log = 'Invalid download code. Try again.';
}
} else {
// query failed
$log = 'An error occurred validating your code, please try again later.';
}
$log = "<p>Invalid code. Try Again.</p>";
}
?>
<?php if (isset($log) && $log != ''): ?>
<strong class="error"><?php echo $log ?></strong>
<?php endif; ?>
<div class="dcrForm">
<p>Have a physical copy of this release? Claim your digital download by
entering your Download Code below.</p>
<form action="index.php" method="post"><input type="text" name="code"
class="dcrInput" value=""> <input type="submit" name="harrisSubmit"
class="dcrSubmit" value="Submit"></form>
</div>
下载脚本可能类似于我上面的一些脚本。这个例子的关键是,你用file_get_contents提供的文件是不能从web访问的。
我有一个快速的问题,这个文件有多大?这可能是在将文件读取到浏览器时php超时的情况吗?
你可以试试php设置来确认一下(http://php.net/manual/en/function.set-time-limit.php)。
Just my two cents