Fatal编程技术网
  • php/
  • Php 私人用户文件的简单登录

Php 私人用户文件的简单登录

php login passwords

Php 私人用户文件的简单登录,php,login,passwords,Php,Login,Passwords,我想创建一个简单的登录,只需几个硬编码的用户名/密码组合,就可以使用我上传的文件访问各个私有目录。(mysite.com/user1/,mysite.com/anotheruser/…) 下面是mylogin.php的内容 对于我来说,有什么方法可以“密码保护”文件,以便仅从本页和其各自的用户下载?这些信息不会非常敏感,但应该是安全的 <?php //List of users and their passwords $users = array( "myusername" =

我想创建一个简单的登录,只需几个硬编码的用户名/密码组合,就可以使用我上传的文件访问各个私有目录。(mysite.com/user1/,mysite.com/anotheruser/…)

下面是mylogin.php的内容

对于我来说,有什么方法可以“密码保护”文件,以便仅从本页和其各自的用户下载?这些信息不会非常敏感,但应该是安全的

<?php   //List of users and their passwords
$users = array(
    "myusername" => "mYpaSSw0rd2011",
    "anothername" => "password2"
);?>

<html>
<head><title>Private Login</title></head>
<body>

    <form method="POST" action="mylogin.php">
      Username: <input type="text" name="username" size="15" /><br />
      Password: <input type="password" name="password" size="15" /><br />
      <input type="submit" value="Login" />
    </form>

<?php //check username:password combo
if ( isset($_POST["username"]) && $_POST["username"] != "" && ($users[$_POST["username"]] == $_POST["password"]) 
    //*******************************************************
    //list (private) files in mysite.com/username's directory
    //*******************************************************    
}?>

</body></html>


私人登录
用户名:

密码:


您会发现这非常有用:

标题('Content-disposition:attachment;filename.pdf')

只需读取文件(例如使用readfile),转储数据并将头设置为附件


将原始文件存储在http无法访问的地方(或使用HTACCESS保护它们)。
我认为将我最终使用的代码发布以供将来参考可能是合适的。最后,我将项目拆分为3个不同的文件(以及用户的目录)

在用户目录中,我使用
Deny from all
将.htaccess文件放置在用户目录中,以保护它们的文件

而且,我知道我做了一些很糟糕的事情。我开始使用会话,但我很难让它正常工作。您可以在代码中看到一些残余。任何对重构的帮助都将不胜感激

我删掉了一些标记,使下面的代码更具可读性


==================================================================
index.php=========================================================
==================================================================

    <form method="POST" action="userview.php">
      Username: <input type="text" name="username" size="15" /><br />
      Password: <input type="password" name="password" size="15" /><br />  
      <input type="submit" value="Login" />
    </form>

==================================================================    
userview.php======================================================
==================================================================

<?php 
    //List of users and their passwords
    $users = array(
        "myusername" => "mYpaSSw0rd2011",
        "anothername" => "password2",
    );

    //Check posted user:pass & start session (or die on mismatch)
        //****Session currently doesn't carry over to download.php.  I am re-posting username with a hidden form field****
    if ( isset($_POST["username"]) && $_POST["username"] != "" && ($users[$_POST["username"]] == $_POST["password"])) {
        session_start();
        $_SESSION['user'] = $_POST["username"];
    } else die("incorrect login");
?>

<html><head><title><?php echo $_POST["username"] ?>'s Files</title></head><body>
<h1>Contents of <?php echo $_POST["username"] ?>'s Directory:</h1>

<?php 
    $handle = opendir( $_SESSION['user'] . '/' );
    if ($handle) { //display directory contents within a radio button list.
        echo '<form method="POST" action="download.php">';
        echo '<input type="hidden" name="user" value="' . $_SESSION['user'] . '">';
        echo '<fieldset>';
        while (false !== ($file = readdir($handle))) {
            if (substr($file, 0, 1) !== ".")
                echo 
                    "<label><input type=\"radio\" name=\"dlfile\" value=\"$file\" /> $file",  "</label><br />\n";
        }
        closedir($handle);
        echo '</fieldset><br /><input type="submit" value="Download" /></form>' , "\n\n";
    } else die("error:  Please contact administrator");
?>
</body></html>

==================================================================
download.php======================================================
==================================================================

<?php 
if ( isset($_POST['user']) && isset($_POST['dlfile'])) {
    $file = $_POST['user'] . "/" . $_POST['dlfile'];
    if (file_exists($file)) {
        header('Content-Description: File Transfer');
        header('Content-Type: text/plain');
        header('Content-Disposition: attachment; filename='.basename($file));
        header('Content-Transfer-Encoding: binary');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file));
        ob_clean();
        flush();
        readfile($file);
        exit;
    }
} 



==================================================================
index.php=========================================================
==================================================================
用户名:

密码:

==================================================================    
userview.php======================================================
==================================================================

好吧!我能让它工作。我花了一分钟的时间才理解header()函数和file/directory函数,但你的建议肯定让我找到了正确的方向。