Dateigrösse: 7.22 kb
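<?php
/**
 * Session-protected download page.
 *
 * Flow, top to bottom:
 *   1. start the session and expire it after a period of inactivity,
 *   2. handle logout (?delsession) and login (POST user/pass/submit),
 *   3. for a logged-in user with ?f=<name>, log the request and stream the file,
 *   4. otherwise show the login form (anonymous) or the file list (logged in).
 *
 * Security-relevant changes compared with the earlier revision of this script:
 *   - the requested name is reduced to basename() and checked against the
 *     download directory before it reaches readfile(); previously the raw
 *     request value was appended to the path, so "../" sequences were honoured;
 *   - 'last_action' is now actually written, so the inactivity timeout works;
 *   - the session id is regenerated on login and the password is no longer
 *     stored in the session;
 *   - every request-derived or filesystem-derived value is escaped before it is
 *     written into HTML, HTTP headers or the log file.
 */
error_reporting(E_ALL ^ E_NOTICE);

/************* http://www.polycoder.de/scripte/php/sicherer-download/index.html ******************/

/**** Adjust these variables ****/

// File holding the login-name arrays (currently unused: the include further down is disabled)
$userdata = "loginNamen.php";
// URL prefix that is always prepended
$url = "./";
// Directory of the downloadable files.
// NOTE(security): this directory sits next to the script. Unless the web server denies
// direct requests to it, the files can be fetched by URL without passing this login.
$path2files = "./pdf/";
// Path of the log file that records who downloaded what and when.
// NOTE(security): same concern as above - keep it outside the document root or deny access to it.
$logfile = "./log/downloads.log";

// Set the cache limiter to 'private'
@session_cache_limiter('private');
// Set the cache expiry to 30 minutes
@session_cache_expire(30);
// Start the session.
// NOTE(security): cookie flags (HttpOnly, Secure, SameSite) are not set here; configure them
// in php.ini or with session_set_cookie_params() before this call.
@session_start();

// Expire the session if the user is inactive for X minutes * 60 or more
$expireAfter = 10 * 60;

if (isset($_SESSION['last_action'])) {
    // Seconds elapsed since the user was last active
    $secondsInactive = time() - (int) $_SESSION['last_action'];
    if ($secondsInactive > $expireAfter) {
        // Drop the stale session, then open an empty one so that a login sent
        // in this same request can still be persisted.
        session_unset();
        session_destroy();
        @session_start();
    }
}
// Record the current timestamp as the user's latest activity. Without this
// assignment the timeout check above can never fire.
$_SESSION['last_action'] = time();

if (isset($_GET['delsession'])) {
    // Logout: discard the session data and continue with an empty session
    session_unset();
    session_destroy();
    @session_start();
    $_SESSION = array();
}

// Requested file name; anything that is not a plain string (e.g. f[]=x) counts as "no file"
$requested = (isset($_REQUEST["f"]) && is_string($_REQUEST["f"])) ? $_REQUEST["f"] : '';

if (isset($_POST["submit"])
    && isset($_POST["user"], $_POST["pass"])
    && is_string($_POST["user"]) && is_string($_POST["pass"])
    && $_POST["user"] !== '' && $_POST["pass"] !== ''
) {
    //include_once($userdata);
    // NOTE(security): plaintext credentials hard-coded in the source. They should be replaced by
    // password_hash() values kept outside the web root and checked with password_verify().
    // There is also no attempt limiting on this form.
    $myuser = array('mike','user','einstieg');
    $mypass = array('www','user','b1');

    // Strict search: a loose comparison would let type juggling match unintended values
    $key = array_search($_POST["user"], $myuser, true);
    // hash_equals() compares in constant time (known value first)
    $authenticated = ($key !== false) && hash_equals($mypass[$key], $_POST["pass"]);

    if ($authenticated) {
        // New session id on privilege change, so an id known before login is useless afterwards
        session_regenerate_id(true);
        // Only the user name is kept; the password is not needed after verification
        $_SESSION["user"] = $_POST["user"];
        $_SESSION['last_action'] = time();
        showFiles();
        exit;
    }

    echo doForm($requested, "incorrect");
    exit;
}

$loggedIn = isset($_SESSION["user"]) && is_string($_SESSION["user"]) && $_SESSION["user"] !== '';

if (!$loggedIn) {
    // Page requested by a user who is not logged in (or who just logged out) -> show the login form
    echo doForm($requested);
    exit;
}

if ($requested !== '') {
    // Build the download log line. The raw request value is logged (not the cleaned-up
    // name) so rejected requests stay visible; control characters are replaced because
    // the request value and the User-Agent are client-controlled and could otherwise
    // forge additional log lines.
    $stripControl = '/[\x00-\x1F\x7F]/';
    $userAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    $log = $_SESSION["user"] . " | " .
        preg_replace($stripControl, ' ', $requested) . " | " .
        date("Y-m-d H:i:s") . " | " .
        $_SERVER["REMOTE_ADDR"] . " | " .
        preg_replace($stripControl, ' ', $userAgent) . "\n\r";
    // A failed write must not emit a warning into the download stream; report it to the
    // server error log instead.
    if (@file_put_contents($logfile, $log, FILE_APPEND | LOCK_EX) === false) {
        error_log('download log could not be written: ' . $logfile);
    }

    // Resolve the file position. Only the last path component of the request is used,
    // and it has to be an existing regular *.pdf file inside the download directory -
    // the same rule showFiles() applies when it builds the list.
    $basename = basename($requested);
    $filename = $url . $path2files . $basename;
    $isPdf = strtolower(pathinfo($basename, PATHINFO_EXTENSION)) === 'pdf';
    if (!$isPdf || !is_file($filename)) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }

    // Send a generic binary content type and stop browsers from sniffing another one
    header("Content-Type: application/octet-stream");
    header("X-Content-Type-Options: nosniff");

    // Offer the original file name in the download dialog; quotes, backslashes and
    // control characters would break out of the quoted header parameter.
    $headerName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $basename);
    header("Content-Disposition: attachment; filename=\"$headerName\"");

    // Stream the file to the client (headers must not have been sent yet)
    readfile($filename);
    exit;
}

showFiles();

/**
 * Prints the complete HTML page listing the PDF files of the download directory.
 *
 * @param string $filename Optional path relative to this script's directory; when
 *                         non-empty, a meta refresh pointing at it is added to the page.
 * @return void            The page is echoed directly.
 */
function showFiles($filename='')
{
    $meta = '';
    if (is_string($filename) && strlen($filename) > 0) {
        // PHP_SELF and $filename can carry request-controlled text -> escape for the attribute
        $target = dirname($_SERVER["PHP_SELF"]) . '/' . $filename;
        $meta = '<meta http-equiv="refresh" content="0,' . htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" />';
    }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Download Verwaltung mit Session</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="content-style-type" content="text/css" />
<meta http-equiv="content-script-type" content="text/javascript" />
<?php echo $meta; ?>
<link href="./css/styles.css" rel="stylesheet" type="text/css" />
<style type="text/css" media="screen">
<!--
@import url("./styles.css");
-->
</style>
<!--[if IE 7]>
@import url("./styles_ie7.css");
<![endif]-->
</head>

<body>
<!--
geben Sie hier die links so an: <a href="?f=[datei]">linkbeschreibung</a>
-->
<!--
<a href="?f=eb_zuerich_plakat.pdf">EB Zürich (A4)</a>
<p></p>
<a href="?f=humanae_vitae.pdf">Enzyklika <em>'humanae vitae'</em></a>
<p></p>
<a href="?f=Flyer_Lernfoyer.pdf">Flyer Lernfoyer</a>
<p></p>
<a href="?f=Linkliste_Stellensuche.pdf">Linkliste für die Jobsuche</a>
<p></p>
<a href="?f=schweizerdeutsch.pdf">Schweizerdeutsch</a>
<p></p>
<a href="?f=Lageplan_Lagerstrasse.pdf">Sitemap Lagerstrasse</a>
<p></p>
-->
<?php
    $output = '<h2>Dokumente zum Downloaden</h2>';
    $arrFiles = array();
    $file_path = dirname($_SERVER['SCRIPT_FILENAME']) . '/pdf/';
    // dir() does not return a Directory object when the path cannot be opened
    $access_dir = is_dir($file_path) ? dir($file_path) : false;

    if ($access_dir instanceof Directory) {
        // Compare against false explicitly: an entry named "0" must not end the loop
        while (false !== ($file = $access_dir->read())) {
            $isPdf = strtolower(pathinfo($file, PATHINFO_EXTENSION)) === 'pdf';
            if ($isPdf && is_file($file_path . $file)) {
                $arrFiles[] = $file;
            }
        }
        $access_dir->close();
    }

    sort($arrFiles);

    foreach ($arrFiles as $value) {
        // File names come from disk and are not trusted as HTML: URL-encode the name
        // for the query string and HTML-escape it for the visible label.
        $label = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $output .= '<a href="?f=' . rawurlencode($value) . '"><span style="font-size:125%;">»</span> ' . $label . '</a>';
        $output .= '<p></p>';
    }
    echo $output;

    // PHP_SELF includes any path info appended to the script URL, so it is escaped as well
    echo '<a class="logoff" href="' . htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '?delsession">Abmelden</a>';

?>

</body>
</html>

<?php
}

/**
 * Builds the HTML of the login form.
 *
 * @param string $path File name to carry through the login as the ?f= query parameter.
 * @param string $e    Optional error text shown next to the submit button.
 * @return string      The complete HTML document.
 */
function doForm($path, $e='')
{
    $e = is_string($e) ? $e : '';
    $error = (strlen($e) > 0)
        ? '<h3 class="red">' . htmlspecialchars($e, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h3>'
        : '';

    // Both parts of the form target can contain request-controlled text: PHP_SELF is
    // HTML-escaped and the file name is URL-encoded before they enter the attribute.
    $action = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '?f=' . rawurlencode(is_string($path) ? $path : '');

    $out = '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Login</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link href="./css/styles.css" rel="stylesheet" type="text/css" />
<script type="text/javascript"></script>
</head>

<body onload="document.login.user.focus();">
<div id="formular">
<h2>Anmeldung</h2>
<form method="post" action="' . $action . '" name="login">
<div style="float:left;">
<input type="text" name="user" placeholder="Username" required="required" size="12" class="textfeld" /></div>
<div style="float:left; margin:0 1.2em;">
<input type="password" name="pass" placeholder="Password" required="required" size="12" class="textfeld" /></div>
<div style="float:left;">
<input type="submit" name="submit" value="Login" class="sub" /></div>
<div style="float:left;">' . $error . '</div>
<br>
<br>
<!--
<a href="#">register</a>
-->
</form>
</div>
</body>
</html>';

    return $out;
}

?>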