Detailed explanation of how PHP prevents Thunder downloads
How does PHP prevent Thunder downloads? This article mainly introduces the detailed explanation of PHP's methods to prevent hot links and Thunder downloads, as a reference for everyone. I hope to be helpful.
Prevent hotlinking:
Principle: When the server asks us to download a file, we will get a link, and then we find the file through this link, and then Download it. So that means this link must be there, so how to prevent hot links? That means the link given to you is not a real file link. This is easy to think of, so how can we let you download the file without giving you a real link?
When we use PHP to make web pages, we always insert the PHP code in the middle of the HTML code, then use PHP to generate the remaining code, and then pass it to the client, which means that the client will accept it to the result of running our php script. That is to say: if the result of running my php script is the file you want to download. In this way, we have achieved file hotlink protection. That is to say, the link you can get is this php file, and then this ever-changing php file is turned into the file you want for you to download.
The code is as follows:
1 2 3 4 5 6 7 8 9 |
|
The above code has successfully completed the task of preventing hotlinking, and only needs to define those two variables. Those two variables can be obtained through GET. For example, if we map the actual link of the file to its number in the database, we only need to GET a file ID to download the file, ensuring the security of our real file address. . Of course, you can also encrypt the real link to the file. In short, just don't mention the real link and put it where the client can see it.
Prevent Thunder downloads
In fact, through the above code, we can only hide the link, but cannot prevent the client from using Thunder and other tools to download it. So how to prevent it from being downloaded using tools such as Thunder?
As I said before, we can use various ways to get the path of this file to the php file, so we just need not to add this information to the link. For example: the file ID can be transmitted through POST, and the file ID can be transmitted through session.
This is what I call: fancy authorized downloads.
1. We can write the client session in the downloaded header page to store its authorization code and file ID, and then add the code to verify the session in the downloaded php, so that even if the client It is useless to enter the connection into Thunder download.
2. We can add a hidden form to the download header page and use POST to submit it to php that implements the download function. This can also achieve the purpose of preventing third-party download tools from downloading.
In short, there are many such methods. The above two methods provide reference. The main idea is to separate the information and links of the files to be downloaded, so that the file cannot be downloaded with only one link.
Related recommendations:
php file splitting and merging (resumable upload at breakpoint)
A brief introduction to PHP file lock and process lock
The above is the detailed content of Detailed explanation of how PHP prevents Thunder downloads. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.

PHP and Python each have their own advantages, and choose according to project requirements. 1.PHP is suitable for web development, especially for rapid development and maintenance of websites. 2. Python is suitable for data science, machine learning and artificial intelligence, with concise syntax and suitable for beginners.

PHP is a scripting language widely used on the server side, especially suitable for web development. 1.PHP can embed HTML, process HTTP requests and responses, and supports a variety of databases. 2.PHP is used to generate dynamic web content, process form data, access databases, etc., with strong community support and open source resources. 3. PHP is an interpreted language, and the execution process includes lexical analysis, grammatical analysis, compilation and execution. 4.PHP can be combined with MySQL for advanced applications such as user registration systems. 5. When debugging PHP, you can use functions such as error_reporting() and var_dump(). 6. Optimize PHP code to use caching mechanisms, optimize database queries and use built-in functions. 7

PHP is widely used in e-commerce, content management systems and API development. 1) E-commerce: used for shopping cart function and payment processing. 2) Content management system: used for dynamic content generation and user management. 3) API development: used for RESTful API development and API security. Through performance optimization and best practices, the efficiency and maintainability of PHP applications are improved.
