PHP anti-theft chain (hotlink protection)

zhaozj2021-02-16  65

I use Apache 2, PHP 4.3

Here is a request:

GET /include/http/download.php?name=setup.exe HTTP/1.1
Host: localhost
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Range: bytes=19434798-
Pragma: no-cache
Cache-Control: no-cache
Connection: close

In this request, note:

bytes=19434798-

My download.php is only 10,000 bytes, and the code works this way:

Based on the URL passed by the client and the start position in the HTTP header, it reads the appropriate file on the server side and echoes it to the client. The purpose is to fully implement the "anti-theft chain" and a download count, because simply redirecting to the real URL gives no anti-theft protection.

However, whenever the start position specified by the request's Range field is larger than the size of download.php itself, the PHP parser is never started and download.php is never executed; the request is rejected directly at the Apache layer.

Problems:

1. Is there a way to get the Range field of the HTTP request header? If there is, I don't know whether Apache directly rejects a request whose Range is "unreasonable".

2. If this can't be done, what is a way to implement an anti-theft chain that also supports multi-threaded downloads?

Thank you!

-------------------------------------------------- -------------

<?php
$dir = isset($_GET["dir"]) ? $_GET["dir"] : ""; // get the path passed by the previous page
$file = isset($_GET["file"]) ? basename($_GET["file"]) : ""; // get the file name (basename() drops any directory part)
$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$url = parse_url($referer); /* get the URL of the previous page and put it in an array */
if (!isset($url["host"]) || $url["host"] != $_SERVER["HTTP_HOST"]) { echo "To download this software, please go to "; exit; } /* check whether the referring site is our own site; if not, return "To download this ..." */
if (empty($dir) || strpos($dir, "..") !== false) $dir = "/"; // if the path is empty (or tries to climb out with ".."), use the root directory
if (empty($file)) { echo "No file to download was specified!"; exit; } /* if the file name is empty, return "No file ..." */
$rootdir = "The root of files"; // your download root directory
$realdir = $rootdir . $dir; // get your download directory
chdir($realdir); // change the current directory to the download directory
if (!file_exists($file)) { echo "Sorry, this link is no longer valid. Please report it to us on the download page, thank you!"; exit; } // check that the file exists
$filename = $file;
// Send the file header information
header("Cache-Control: private"); // fix for IE
header("Content-Type: application/octet-stream");
header("Content-Length: " . filesize($filename));
header("Content-Disposition: attachment; filename=\"$filename\"");
$fp = fopen($filename, 'rb'); // open the specified file for reading, in binary mode
fpassthru($fp); // ** CORRECT ** read files in binary
fclose($fp); // close the file
?>

-------------------------------------------------- -------------

See this article: http://www.phpx.com/happy/thr65431.html

There is no point in doing anti-theft chains in the web page.

It is best to strengthen the server side.

-------------------------------------------------- -------------

I tried it; it is not bad.

// The following is the program code:

<?php
require_once("./inc/global.php");
require_once("./inc/mysql4.php");
$id = (int) $_GET['id']; // cast to integer (assumes id is a numeric key) so it is safe in the query and in the header
$db = open_db();
// Serve the file only if the query succeeds and actually returns a row
if (($result = $db->sql_query("SELECT * FROM ring WHERE id = '$id'")) && ($row = $db->sql_fetchrow($result))) {
    $file = $row['file']; // file contents stored in the database
    $size = $row['size'];
    send_midi($id, $file, $size);
} else {
    require_once("function.php");
    err404();
}
function send_midi($id, $file, $size) {
    header("Content-Type: audio/midi");
    header("Content-Length: $size");
    header("Content-Disposition: attachment; filename=\"" . $id . ".mid\"");
    echo($file);
}
?>

This can provide downloads after checking HTTP_REFERER or using member authentication, because the real path is never visible. The disadvantage is that it affects performance and does not seem to support resumable downloads (not verified). The actual demo is at http://wap.yeesee.net/browser.php; you get a download address this way, and there is no way to see the actual address. (In this example the file is in the database; in actual use you can do this, readfiles
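
An added example, not code from any poster in this thread: the Referer-based check from the replies combined with handling of a single-range `Range` header, which PHP exposes as `$_SERVER['HTTP_RANGE']`, so that resumed and multi-threaded downloads get `206 Partial Content`. It assumes PHP 7 or later rather than the PHP 4.3 mentioned in the question; `$root` and `parse_range()` are hypothetical names, and `name` is the parameter from the request in the first post.

```php
<?php
$root = '/srv/downloads';   // hypothetical download root; files here are never linked directly

// Parse "bytes=a-b", "bytes=a-" or "bytes=-n" for a file of $size bytes.
// Returns [start, end], null to ignore the header (serve the whole file), or false for 416.
function parse_range($header, $size) {
    if ($header === null || !preg_match('/^bytes=(\d*)-(\d*)$/', trim($header), $m)
        || ($m[1] === '' && $m[2] === '')) {
        return null;                               // absent, malformed or multi-range
    }
    if ($m[1] === '') {                            // suffix form: the last n bytes
        $start = max(0, $size - (int) $m[2]);
        $end   = $size - 1;
    } else {
        $start = (int) $m[1];
        if ($m[2] !== '' && (int) $m[2] < $start) return null;   // last < first is invalid
        $end = ($m[2] === '') ? $size - 1 : min((int) $m[2], $size - 1);
    }
    return ($start > $end || $start >= $size) ? false : [$start, $end];
}

// Hotlink check: the Referer host must equal our own host (any :port is dropped).
$refHost = (string) parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
$ourHost = (string) parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
if ($refHost === '' || strcasecmp($refHost, $ourHost) !== 0) { http_response_code(403); exit; }

// basename() keeps the lookup inside $root whatever the client sends.
$path = realpath($root . '/' . basename($_GET['name'] ?? ''));
if ($path === false || !is_file($path)) { http_response_code(404); exit; }

$size  = filesize($path);
$range = parse_range($_SERVER['HTTP_RANGE'] ?? null, $size);
if ($range === false) { http_response_code(416); header("Content-Range: bytes */$size"); exit; }
[$start, $end] = $range ?? [0, $size - 1];
if ($range !== null) { http_response_code(206); header("Content-Range: bytes $start-$end/$size"); }
header('Accept-Ranges: bytes');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . ($end - $start + 1));
header('Content-Disposition: attachment; filename="' . basename($path) . '"');

$fp = fopen($path, 'rb');
fseek($fp, $start);
$left = $end - $start + 1;                         // send exactly the requested window
while ($left > 0 && ($buf = fread($fp, min(8192, $left))) !== false && $buf !== '') {
    echo $buf; $left -= strlen($buf);
}
fclose($fp);
```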

