开发者

Serving Large Protected Files in PHP/Apache

问答 作者:

I need to serve up large files (> 2gb) from an Apache web server. The files are protected downloads, so I need some kind of way to authorize the user. The CMS I'm using uses cookies checked against a MySQL database to verify the user. On the server, I have no control over max_execution_time, and limited control over memory_limit.

My technique has been working for small files. After the user has been authorized in PHP (by the CMS), I use readfile() to serve the file, which is stored above the document root to prevent direct access. I've read about techniques to chunk the download or to use fpassthru to get around the PHP memory limit. But I haven't found a technique to get around the max_execution_time limit.

I thought about storing the file within the document root, so we could bypass PHP entirely. But what I can't figure 开发者_开发技巧out is how to restrict access with htaccess. I need to verify the user against the database before I can serve them the file.

Thanks.

The nicest solution in my opinion: install mod_xsendfile in your Apache, have the PHP script authorize the user, and on success send a response with an X-Sendfile header pointing to the location of the protected file. From that point on, Apache does the work of serving the file to the client; not PHP.

Take a look at set_time_limit() http://www.php.net/manual/en/function.set-time-limit.php

and max_execution_time http://www.php.net/manual/en/info.configuration.php#ini.max-execution-time

What about using symlinks? If you have a folder example:

userfacingfiles/
  md5_of_order_id1 --> protected-file.exe
  md5_of_order_id2 --> protected-file.exe

protectedfiles/
  .htaccess (contains deny from all)
  protected-file.exe

Basic Example:

$salt = 'canttouchthis';

function create_symlink($order_id, $salt, $protected_file) 
{
  $info = pathinfo('protectedfiles/'.$protected_file);

  symlink('protectedfiles/'.$protected_file, 'userfacingfiles/'.md5($order_id.$salt).'.'.$info['extension']);
}


function get_file($order_id, $salt, $extension)
{

  header('Location: userfacingfiles/'.md5($order_id.$salt).'.'.$extension);
  exit();
}

usage:

When the user pays:

create_symlink(1, 'secureSALT', 'ebook.pdf');

When the user wants to download their ebook

get_file(1, 'secureSALT');

This may not be the most portable method, but because you're redirecting the user the web server is handling the downloads.

继续阅读:.htaccesslarge-filesmemory-limitphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9