Im building a "premium" section of my site and Im in a need to give download access to files in a remote directly (on a different server), to users with special privileges (accounts stored in mysql db). My site is coded in php/mysql so a php solution would be great.
相关问题
- Views base64 encoded blob in HTML with PHP
- Laravel Option Select - Default Issue
- PHP Recursively File Folder Scan Sorted by Modific
- Can php detect if javascript is on or not?
- Using similar_text and strpos together
I'm used to doing this in ASP.NET where it's built in, but this article seems to chronicle your exact situation.
As @pxl said, you need to check for authorization and then output the correct mime type as an HTML header (like he said:
header("Content-type: image/jpeg");
)Also, once you are done with that, you will need to output the actual contents of the file and it's size (in bytes) as such:
Just make sure to store the file in a directory that is not accessible from the web.
direct all download links to a php file that'll do all the credential checking.
you can call the file download.php
pass along parameters via cookies, get, post, session, or whichever manner you verify privileges.
once credentials are verified, you can send an appropriate header.
if it's an image, the header would be
header("Content-type: image/jpeg");
i'm assuming that you also own this remote server.
some useful links:
MIME types
PHP Header Function
Here's what I would do:
Built a PHP-SOAP-Sever on the remote server B that holds the files.
Whenever a user triggers a download on your main server A connect to the SOAP-Server on B and reserve a ticket for the user specifying an IP-address and the id/path of the file to download.
Server B will now create a ticketId(which should only be valid for a limited time) for this download and return it to A.
Server A redirects the user to Server B supplying the ticketId as a GET parameter
Server B now checks if the ticket was already used, is expired or if the user comes from the wrong IP. If none of them apply serve the file and mark the ticket as used.
Note: On server B don't keep PHP running while serving the file but use the X-Sendfile header instead. Otherwise the download might stop after the PHP max execution time.