A detailed explanation of how PHP prevents Thunder download method

How does PHP prevent Thunder from downloading? This article mainly introduced the explanation PHP prevents hotlinking to prevent thunder to download the method, gives everybody to make a reference. We hope to help you.

Prevent hotlinking:

Principle: When the server wants us to download the file, we will get a link, then we will find this file through this link, and then download it. So that means the link must be there, so how to prevent hotlinking it? That is, the link to you is not a real file link. This is easy to think about, then do not give you a real link and how to let you download files?

When we use PHP as a Web page, we always put the PHP code in the middle of the HTML code, and then use PHP to generate the rest of the code, and then passed to the client, that is, the client will accept the results of our PHP script run. That is, if the result of my PHP script runs is the file you want to download. This allows us to implement the file anti-theft chain. That is, you can get the link is the php file, and then by the change of the PHP file into the file you want to download for you.

The code is as follows:

$FileAddress: The relative path of the file. $DownloadName: The name of the file to be downloaded to the client. if (file_exists ($FileAddress) && $file =fopen ($FileAddress, ' R ')) {//first to determine if the file exists, if the file does not exist, then the code behind is in vain. Header (' Content-type:application/octet-stream '); Declares the file type, which is for the client to download it instead of opening it, so it is declared as an unknown binary file. Otherwise, the client will open it online based on its file type. Header (' content-length: '. FileSize ($FileAddress)); Declare the size of the file, tell the client the size of the file, or the client will not see progress when downloading. Header (' content-disposition:attachment;filename= '. $DownloadName); Declare the filename, here is the name of the file that tells the client it is to be downloaded, otherwise the name will be the name of your PHP file. Echo fread ($file, FileSize ($FileAddress)); This is the file to be loaded echo out, so this PHP file can not appear any other text, that is, if there is any other output will be output to the client to download the file. Fclose ($file); Finally closes the handle. }

The above code is successfully qualified to prevent hotlinking tasks, only need to define those two variables. The two variables can be obtained through get, for example, we have the actual link to the file and its number in the database to do a mapping, we just need to get to a file ID to download the file, to ensure that our real file address security. Of course, you can also be the real link to encrypt the file or the like, in short, do not tell the real link and put it to the client can see the place is good.

Prevent Thunder Download

In fact, through the above code, we can only do the hidden link, not to prevent the client with thunder and other tools to download it. So how to prevent the use of thunder and other tools to download it?

As I said before, we can make the PHP file get the path of this file by various means, so we just don't add this information to the link inside. For example, the ID of the file can be transferred via post, and the ID of the file can be transferred through the session.

That's what I'm talking about: fancy-licensed downloads.

1. We can write the download of the leading page to the client session, to store its authorization code, the file ID is also stored in, and then in the downloaded PHP to add the verification session code, so that even if the client will connect the Thunderbolt download is useless.

2. We can add a hidden form on the leading page of the download and submit it to PHP that implements the download function by post, which also prevents the download of the third-party download tool.

In short, there are a lot of such methods, the above two methods to provide reference, the main idea is to download the file information and links separately, so that you can achieve only one link cannot download the file.

Related recommendations:

PHP File Segmentation and Merging (breakpoint continuation)

PHP file itself operation

Simple Introduction to PHP file Lock and Process lock