Explanation of PHP methods to prevent leeching and thunder downloads; explanation of php methods to prevent thunder
Preventing leeching:
Principle: when the server asks us to download the file, we will get a link. Then we can find the file through this link and download it. That is to say, this link must be available. How can we prevent leeching? That is, the link for you is not a real file link. It is easy to think about this. How can you download files without giving you a real link?
When we use php for Web pages, php code will always be interspersed in the middle of the HTML code, and then the remaining code will be generated using php and sent to the client, that is to say, the client will receive the result of running our php script. That is to say, if my php script runs the result, it is the file you want to download. In this way, we implement file anti-leech. That is to say, the link you can get is the PHP file, and then the changed PHP file becomes the file you want for you to download.
The Code is as follows:
$ FileAddress: The relative path of the file. $ DownloadName: the name of the file downloaded to the client. If (file_exists ($ FileAddress) & $ file = fopen ($ FileAddress, 'R') {// you must first determine whether the object exists. if the object does not exist with the object, the code behind is also in vain. Header ('content-type: application/octet-stream'); // declare the file type, which is declared as an unknown binary file to allow the client to download it, rather than open it. Otherwise, the client will open it online based on its file type. Header ('content-Length: '. filesize ($ FileAddress); // declare the file size to tell the client about the file size. Otherwise, the client cannot see the progress during download. Header ('content-disposition: attachment; filename = '. $ DownloadName); // declare the file name, which is the name of the file to be downloaded on the client. Otherwise, the name will be the name of your php file. Echo fread ($ file, filesize ($ FileAddress); // here the loaded file is echo, so this PHP file cannot contain any other text, that is to say, if any other output appears, it will be output to the file downloaded from the client. Fclose ($ file); // finally close the handle .}
The above code is competent for the task of preventing leeching. You only need to define the two variables. The two variables can be obtained through GET. For example, if we map the actual link of the file to its number in the database, we only need to GET a file ID to download the file, this ensures the security of our real file addresses. Of course, you can also encrypt the real link of the file. In short, you just need not describe the real link and put it in a place that the client can see.
Prevent thunder downloads
In fact, through the above code, we can only hide links, and cannot prevent clients from downloading them using tools such as thunder. So how can we prevent the use of thunder and other tools to download it?
As I said before, we can use various ways to obtain the path of the PHP file, so we just need not add this information to the link. For example, you can transmit the Object ID through POST or the Object ID through session.
This is what I said: Fancy authorized download.
1. we can write the Client session on the front page of the download to store the authorization code, store the file ID, and then add the verification session code to the downloaded php, in this way, it is useless even if the client inputs the connection to thunder for download.
2. We can add a hidden form to the front page of the download and submit it to php that implements the download function using POST. This can also prevent downloading by third-party download tools.
In short, there are many such methods. The above two methods provide reference. The main idea is to separate the information and links of the file to be downloaded, so that the object can be downloaded only by one link.
The above is all the content of this article. I hope it will be helpful for your learning and support for helping customers.