php 判断来路
下面是我下载页面down.php的php代码 现在我发现,用迅雷,谷歌浏览器直接打开,就能输出下载文件,一点不起防盗链作用。 现在我想,只允许在我自己...
下面是我下载页面down.php 的php代码 现在我发现,用迅雷,谷歌浏览器直接打开,就能输出下载文件,一点不起防盗链作用。 现在我想,只允许在我自己站上连接过来的可以直接使用,别的的站过来的,和直接输入这个地址的,跳转到copy.htm页上去。 哥哥姐姐我是菜鸟,不懂php,请帮忙下吧,愁了我好几天了。 看看该修改下面哪里, 我不会啊。。
展开
4个回答
展开全部
PHP中的 $_SERVER["HTTP_REFERER"] 预定义服务器变量可以判断来路。
$_SESSION['HTTP_REFERER']可以获取当前链接的上一个连接的来源地址,即链接到当前页面的前一页面的 URL 地址。
一般用于判断浏览者是从哪里点击链接跳到本页面的,即所说的来路,还可以通过判断来路来防止盗链。
例如:
<?php
$url_array = parse_url($_SESSION['HTTP_REFERER']);
//如果页面的域名不是服务器域名,就连接到登陆窗口
if($_SERVER['HTTP_HOST'] != $url_array["host"]) {
header("location: login.php");
exit;
}
?>
$_SESSION['HTTP_REFERER']可以获取当前链接的上一个连接的来源地址,即链接到当前页面的前一页面的 URL 地址。
一般用于判断浏览者是从哪里点击链接跳到本页面的,即所说的来路,还可以通过判断来路来防止盗链。
例如:
<?php
$url_array = parse_url($_SESSION['HTTP_REFERER']);
//如果页面的域名不是服务器域名,就连接到登陆窗口
if($_SERVER['HTTP_HOST'] != $url_array["host"]) {
header("location: login.php");
exit;
}
?>
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
<?php
//通过请求的域名判断
if($_SERVER["SERVER_NAME"]=="你的域名")
{
下载
}
else
{
header("location:copy.htm");
}
?>
//通过请求的域名判断
if($_SERVER["SERVER_NAME"]=="你的域名")
{
下载
}
else
{
header("location:copy.htm");
}
?>
本回答被提问者采纳
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
<?php
function send_file($file, $speed = 100) {
//First, see if the file exists
if (!is_file($file)) {
die("<b>404 File not found!</b>");
}
//Gather relevent info about file
$filename = basename($file);
$file_extension = strtolower(substr(strrchr($filename,"."),1));
// This will set the Content-Type to the appropriate setting for the file
switch( $file_extension ) {
case "exe":
$ctype="application/octet-stream";
break;
case "zip":
$ctype="application/zip";
break;
case "mp3":
$ctype="audio/mpeg";
break;
case "mpg":
$ctype="video/mpeg";
break;
case "avi":
$ctype="video/x-msvideo";
break;
// The following are for extensions that shouldn't be downloaded
// (sensitive stuff, like php files)
case "php":
case "htm":
case "html":
case "txt":
die("<b>Cannot be used for ". $file_extension ." files!</b>");
break;
default:
$ctype="application/force-download";
}
// Begin writing headers
header("Cache-Control:");
header("Cache-Control: public");
header("Content-Type: $ctype");
$filespaces = str_replace("_", " ", $filename);
// if your filename contains underscores, replace them with spaces
$header='Content-Disposition: attachment; filename='.$filespaces;
header($header);
header("Accept-Ranges: bytes");
$size = filesize($file);
// check if http_range is sent by browser (or download manager)
if(isset($_SERVER['HTTP_RANGE'])) {
// if yes, download missing part
$seek_range = substr($_SERVER['HTTP_RANGE'] , 6);
$range = explode( '-', $seek_range);
if($range[0] > 0) { $seek_start = intval($range[0]); }
if($range[1] > 0) { $seek_end = intval($range[1]); }
header("HTTP/1.1 206 Partial Content");
header("Content-Length: " . ($seek_end - $seek_start + 1));
header("Content-Range: bytes $seek_start-$seek_end/$size");
} else {
header("Content-Range: bytes 0-$seek_end/$size");
header("Content-Length: $size");
}
//open the file
$fp = fopen("$file","rb");
//seek to start of missing part
fseek($fp,$seek_start);
//start buffered download
while(!feof($fp)) {
//reset time limit for big files
set_time_limit(0);
print(fread($fp,1024*$speed));
flush();
sleep(1);
}
fclose($fp);
exit;
}
?>
function send_file($file, $speed = 100) {
//First, see if the file exists
if (!is_file($file)) {
die("<b>404 File not found!</b>");
}
//Gather relevent info about file
$filename = basename($file);
$file_extension = strtolower(substr(strrchr($filename,"."),1));
// This will set the Content-Type to the appropriate setting for the file
switch( $file_extension ) {
case "exe":
$ctype="application/octet-stream";
break;
case "zip":
$ctype="application/zip";
break;
case "mp3":
$ctype="audio/mpeg";
break;
case "mpg":
$ctype="video/mpeg";
break;
case "avi":
$ctype="video/x-msvideo";
break;
// The following are for extensions that shouldn't be downloaded
// (sensitive stuff, like php files)
case "php":
case "htm":
case "html":
case "txt":
die("<b>Cannot be used for ". $file_extension ." files!</b>");
break;
default:
$ctype="application/force-download";
}
// Begin writing headers
header("Cache-Control:");
header("Cache-Control: public");
header("Content-Type: $ctype");
$filespaces = str_replace("_", " ", $filename);
// if your filename contains underscores, replace them with spaces
$header='Content-Disposition: attachment; filename='.$filespaces;
header($header);
header("Accept-Ranges: bytes");
$size = filesize($file);
// check if http_range is sent by browser (or download manager)
if(isset($_SERVER['HTTP_RANGE'])) {
// if yes, download missing part
$seek_range = substr($_SERVER['HTTP_RANGE'] , 6);
$range = explode( '-', $seek_range);
if($range[0] > 0) { $seek_start = intval($range[0]); }
if($range[1] > 0) { $seek_end = intval($range[1]); }
header("HTTP/1.1 206 Partial Content");
header("Content-Length: " . ($seek_end - $seek_start + 1));
header("Content-Range: bytes $seek_start-$seek_end/$size");
} else {
header("Content-Range: bytes 0-$seek_end/$size");
header("Content-Length: $size");
}
//open the file
$fp = fopen("$file","rb");
//seek to start of missing part
fseek($fp,$seek_start);
//start buffered download
while(!feof($fp)) {
//reset time limit for big files
set_time_limit(0);
print(fread($fp,1024*$speed));
flush();
sleep(1);
}
fclose($fp);
exit;
}
?>
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
看下http referer这个能够判断,但一般都可以伪装的。
$_SERVER['HTTP_REFERER']
if(strpos($_SERVER['HTTP_REFERER'],'你域名的部分'){
download
}else{
copy
}
$_SERVER['HTTP_REFERER']
if(strpos($_SERVER['HTTP_REFERER'],'你域名的部分'){
download
}else{
copy
}
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
更多回答(2)
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
