PHP upload file hidden path, do file upload security come in and see.

PHP download file hidden path, do file download security come in and see Oh!
Recently in the file resource management, when downloading the hidden file path is the only way to store files in the directory with Apache configuration so that it cannot directly access the directory list, rewrite technology can hide the server directory!
For example, the download path would be: Http://miresearch.cn/uploadfile/resource/2012-05/8F4F5A42-1B4C-8B80-0EFC-9FF2346373BF.rar
If not done, direct access to http://miresearch.cn/uploadfile/resource/2012-05 This can view all files in this directory of the server, and then after the Apache configuration so that HTTP/ Miresearch.cn/2012-05/8f4f5a42-1b4c-8b80-0efc-9ff2346373bf.rar can be implemented to download files to hide the server directory, and http://miresearch.cn/ 2012-05 This directory cannot be accessed directly.

Beginners to the file download only do so little work, please master to see, what good advice plan, to the younger brother under the guidance ~ have done file download security please come and see, under the guidance Oh ~

------Solution--------------------
Direct output file After account password verification ...

For example

PHP code

header (' Content-type:application/octet-stream '); $ FileSize = filesize (' s.png '); Get the file size header (' last-modified: '. Gmdate (' d, D M Y h:i:s '). ' GMT '); header (' Cache-control:no-store, No-cache, Must-revalidate '); header (' Cache-control:pre-check=0, post-check= 0, max-age=0 '); header (' content-transfer-encoding:binary '); header (' Content-encoding:none '); header (' Content-type: Application/force-download '), header (' Content-length: '. $filesize); header (' Content-disposition:attachment; Filename= "S.png"); ReadFile (' s.png '); 
 