Allow users to download files outside webroot(允许用户在 webroot 之外下载文件)
问题描述
Hello I am using PHP to allow users to upload files and I have them sitting in a folder outside webroot (/var/www) folder for security reasons. It is in the folder /var/uploads. A user uploads files for specific records. Once the the uploaded files are moved to the uploads folder, the address of the attachment is stored in the database. Now whenever a user checks the record, attachments for the specific record are going to be displayed for downloads.
Since they are out of the webroot, I am unable to get them downloaded as they would have a url of
http://localhost/var/uploads/attachment.txt
Do we have a solution or should it downloadable folders be child directories of the webroot?
<?php
$con = mysql_connect("localhost","id","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db", $con);
$result = mysql_query("select * from attachments");
while($row = mysql_fetch_array($result))
{
echo '<a href="'.$row[2].'" target="_blank">Download</a>--'.$row[3].'<br>';
}
mysql_close($con);
?>
is the code I am using. The folder's owner is www-data:/ or the web server. So there should be no access issues.
Use
a symlink pointing to
/var/uploads
(tutorial here)a Apache
Alias
directiveAlias /uploads /var/uploads
(must be in httpd.conf)or a proxy PHP script that accepts a GET variable
filename=upload.jpg
and fetches the file e.g. usingfpassthru()
the latter is the least preferable option because it is resource intensive, but sometimes it's the only alternative. It also needs proper securing to prevent an attacker from getting other files on your server through the proxy.
这篇关于允许用户在 webroot 之外下载文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:允许用户在 webroot 之外下载文件
基础教程推荐
- HTTP 与 FTP 上传 2021-01-01
- Doctrine 2 - 在多对多关系中记录更改 2022-01-01
- 在 yii2 中迁移时出现异常“找不到驱动程序" 2022-01-01
- 在 CakePHP 2.0 中使用 Html Helper 时未定义的变量 2021-01-01
- 使用 PDO 转义列名 2021-01-01
- 如何在 XAMPP 上启用 mysqli? 2021-01-01
- 如何在 Symfony 和 Doctrine 中实现多对多和一对多? 2022-01-01
- PHP 守护进程/worker 环境 2022-01-01
- 找不到类“AppHttpControllersDB",我也无法使用新模型 2022-01-01
- phpmyadmin 错误“#1062 - 密钥 1 的重复条目‘1’" 2022-01-01