Cancel an HTTP POST request server side

2020-02-10 10:52发布

问题:

I am trying to write a script for uploading large files (>500MB). I would like to do some authentication before the upload is processed, eg:

$id = $_GET['key'];
$size = $_GET['size'];
$time = $_GET['time'];
$signature = $_GET['signature'];

$secret = 'asdfgh123456';

if(sha1($id.$size.$time.$secret) != $signature){
echo 'invalid signature';
exit;
}
process upload...

unfortunately php only runs this code after the file has been uploaded to a temp directory, taking up valuable server resources. Is there a way to do this before the upload happens? I have tried similar things with perl/cgi but the same thing happens.

回答1:

Wow, already 5 answers telling how it can't be done. mod_perl to the rescue, here you can reject a request before the whole request body is uploaded.



回答2:

Apache is taking care of the upload before the PHP script is even invoked so you won't be able to get at it.

You can either split up the process into two pages (authentication, file upload page) or, if you need to do it all in one page, use an AJAX-esque solution to upload the file after authentication parameters are checked.



回答3:

As far as I know, you cannot do that in PHP. PHP script is launched in response to a request, but a request is not "sent" until the file is uploaded, since the file being uploaded is a part of the request.



回答4:

This is definitely not possible inside the PHP script you're uploading to.

The most simple possibility is indeed to provide authentication one step before the upload takes place.

If that is not an option, one slightly outlandish possibility comes to mind - using a RewriteMap and mapping it to an external program (it should be possible to make that program a PHP script).

Using RewriteMap it is possible to rewrite an URL based on the output of a command line program. If you use this directive to call a (separate) PHP script - you won't be able to use the user's session, though! - you would have access to the GET parameters before the request is processed.

If the processing fails (= the credentials are invalid), you could redirect the request to a static resource which would at least prevent PHP from starting up. (I assume the uploaded will be hogging some resources anyway, but probably less than if it were redirected to PHP.)

No guarantees whether this'll work! I have no own experience with RewriteMap.



回答5:

This is due to the fact that each HTTP request is a single contains all the of form/POST data, including the file upload data.

As such, I don't believe it's possible to handle a file upload request in this fashion irrespective of which scripting language you use.



回答6:

I don't think you can do this. The best you can do is probably to run an AJAX function onSubmit to do your validation first, then if it returns valid then execute the POST to upload the file. You could set a $_SESSION in your AJAX script if the authentication is valid, then check for that session var in the upload script to allow the upload.



标签: php perl http post