A download address the judgment of anti-theft Daniel into the look!
Two sites one master station one upload used sub-station
The download.php of the main station is the download page
The down.php of the sub-station is the download link
Must be downloaded by clicking on the link in download.php
In order to prevent users from directly accessing the sub-station/down.php?fileid=1 can download to the file made the following judgment
download.php Add a hash value
$hash = Strtoupper (MD5 (' Downloadkey '. Date (' YMDH '));
Down.php also adds a hash value
$hash 2 = strtoupper (MD5 (' Downloadkey '. Date (' YMDH ')));
down.php judgment
if ($hash <> $hash 2) {
Header ("content-type:text/html; Charset=utf-8 ");
echo ' File ID: '. $file _id. '
';
Echo ' ['. $file _name. '] The file address has expired, please return to the download address to download again.
If this problem still occurs, contact your administrator
';
if ($pd _gid==1) {
Echo '
';
echo ' File hash: '. $hash. '
';
echo ' File HASH2: '. $hash 2. '
';
}
There was a problem when the user visited the download page at 20:59:59 ', and then clicked the download
But after the click of Time is 21:00:01, so that the hash value is not the same, and then can not download, to return to re-download it to
How to fix it.
Share to:
------Solution--------------------
The resulting $hash should be passed through a cookie and have a not too long validity period, while being stored in the session
Do not regenerate when checking, only check for the cookie, and compare with the session
Same as check code