问题描述

您好，我发现阿隆Rotteveel脚本：

Hello i found Aron Rotteveel script:

<?php

$file = $_GET['file'];
$fileDir = '/path/to/files/';

if (file_exists($fileDir . $file))
{
    // Note: You should probably do some more checks 
    // on the filetype, size, etc.
    $contents = file_get_contents($fileDir . $file);

    // Note: You should probably implement some kind 
    // of check on filetype
    header('Content-type: image/jpeg');

    echo $contents;
}

？>

是否有可能添加验证这一点，基于用户的Joomla会话？我的意思是，当用户登录到我的网站，他得到进入这个脚本，但不能direcly访问。

is there any possibility to add authentication to this, based on joomla users session? I mean when user logged to my site he got access to this script, but cannot access direcly.

对不起，我的英语水平。

Sorry for my English.

推荐答案

首先，你应该限制从的Joomla框架之外访问您的脚本。您可以在code的开始做粘贴在此code：

Firstly, you should restrict access to your script from outside of the Joomla framework. You can do this pasting this code at the beginning of your code:

// No direct access
defined( '_JEXEC' ) or die( 'Restricted access' );

其次，如果你只是想测试，如果访问该脚本的用户登录您可以使用此code：

Secondly, if you just want to test if the user accessing the script is logged in you can use this code:

$user =& JFactory::getUser();
if ($user->guest) {
  echo "<p>Please login to download.</p>";
}
else {
  //put the download code here
}

如果通过限制直接访问你的意思是$ P $的只是在你的脚本文件的URL将pventing的用户，那么你应该以适当的方式实现它。在的Joomla情况下的porper方式是创建一个MVC组件。下面是官方文档的Joomla一个很好的资源，应该让你开始：开发一个MVC组件。

If by restricting direct access you mean preventing users from just putting in the url of your script file, then you should implement it in a proper way. In case of joomla the porper way would be to create an MVC component. Here's a great resource from offical joomla documentation that should get you started: Developing a MVC Component.