• September 9, 2018

    https://stackoverflow.com/questions/7917851/generate-ip-and-time-limited-download-link

    There is a really good nginx module doing this.

    The URL gets two parameters – Let’s call them s (security) and t (timestamp). Security is a secure hash generated from timestamp, path and a salt (in your case just add the ip).

    Create a form that submits its values to this page, and have this page send the link by email.

    $ip = $_SERVER['REMOTE_ADDR'];
    $salt = 'change me cause im not secure';
    $path = '/download/webapp.rar';
    $timestamp = time() + 3600; // one hour valid
    $hash = md5($salt . $ip . $timestamp . $path); // order isn't important at all... just do the same when verifying
    $url = "http://mysite.com{$path}?s={$hash}&t={$timestamp}"; // use this as DL url

    To verify:

    Clicking the link brings the visitor to this page.

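    $ip = $_SERVER['REMOTE_ADDR'];
    $salt = 'change me cause im not secure';
    // REQUEST_URI includes the query string; hash only the path, as the generator did
    $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
    $hashGiven = (string) ($_GET['s'] ?? '');
    $timestamp = (int) ($_GET['t'] ?? 0);
    $hash = md5($salt . $ip . $timestamp . $path);
    // hash_equals() compares in constant time; the link is valid until $timestamp has passed
    if (hash_equals($hash, $hashGiven) && $timestamp >= time()) {
        // serve file
    } else {
        die('link expired or invalid');
    }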

    Now you just need to rewrite the downloads to this “man in the middle”-script and you are done.

    Example rewrite for nginx:

    location /download {
        rewrite ^.*$ /download.php last;
        break;
    } 
    
    --

    If you are not concerned about people being able to decode some parameters such as IP or timestamp, you could try something like this:

    <?php
    $salt = 'SALTING'; // Hash cipher
    $key = new stdClass();
    $key->limit = time()+3600; // 1 hour limit
    $key->ip = $_SERVER['REMOTE_ADDR'];
    $key->security = sha1(sha1($salt.serialize($key))); // Double sha1 for fun
    
    $key_param = base64_encode(serialize($key));
    
    echo sprintf('http://mysite.com/download/%s', $key_param);
    ?>

    Now that’s for getting a unique key, valid 1 hour, for ip $key->ip.

    To verify it:

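    <?php
    $salt = 'SALTING';
    // Decode the key; allow only stdClass so untrusted input cannot instantiate other classes
    $key = unserialize(base64_decode($_GET['key'] ?? ''), ['allowed_classes' => ['stdClass']]);
    if (!($key instanceof stdClass) || !isset($key->limit, $key->ip, $key->security)) {
        throw new Exception('Security breach. U mad bro ?');
    }
    // Recompute the hash over the same fields that existed when the link was generated
    $given = (string) $key->security;
    unset($key->security);
    $expected = sha1(sha1($salt.serialize($key)));
    if (!hash_equals($expected, $given) || $_SERVER['REMOTE_ADDR'] !== $key->ip || $key->limit < time()) {
        throw new Exception('Security breach. U mad bro ?');
    }
    ?>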

    And you’re done 🙂 No database involved. Just hashing and matching hashes afterwards.

    But I guess a simple $_SESSION[$file_id] = time()+3600; would do the trick in one line…Not as fun though.
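
A hardened variant of the first answer's `s`/`t` scheme, as an added example that is not part of the quoted answers: it swaps the salted `md5()` for HMAC-SHA256 with length-prefixed fields, validates the parameters, and compares in constant time. `SECRET`, the function names and the sample path, addresses and clock value are assumptions made for illustration.

```php
<?php
// Added example, not from the original answers. Function names and SECRET are hypothetical.
const SECRET = 'replace-with-random-32-bytes'; // assumption: loaded from config in practice

function sign_link(string $path, string $ip, int $expires): string
{
    // Length-prefix each field so ("ab","c") and ("a","bc") can never produce the same message.
    $msg = '';
    foreach ([$path, $ip, (string) $expires] as $field) {
        $msg .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $msg, SECRET);
}

function make_link(string $path, string $ip, int $ttl, int $now): string
{
    $t = $now + $ttl;
    return $path . '?' . http_build_query(['s' => sign_link($path, $ip, $t), 't' => $t]);
}

function verify_link(string $requestUri, string $ip, array $query, int $now): bool
{
    $s = $query['s'] ?? '';
    $t = $query['t'] ?? '';
    // Reject arrays (?s[]=x) and non-numeric timestamps before doing any crypto.
    if (!is_string($s) || !is_string($t) || !ctype_digit($t)) {
        return false;
    }
    // Sign only the path component; REQUEST_URI also carries the query string.
    $path = (string) parse_url($requestUri, PHP_URL_PATH);
    $expected = sign_link($path, $ip, (int) $t);
    // Constant-time comparison, then expiry: valid only while t is still in the future.
    return hash_equals($expected, $s) && (int) $t >= $now;
}

// Constructed sample values (documentation address ranges, fixed clock).
$now  = 1536451200;
$link = make_link('/download/webapp.rar', '203.0.113.7', 3600, $now);
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);

var_dump(verify_link($link, '203.0.113.7', $q, $now + 60));    // same IP, within the hour
var_dump(verify_link($link, '198.51.100.9', $q, $now + 60));   // different client IP
var_dump(verify_link($link, '203.0.113.7', $q, $now + 3601));  // after expiry
$q['t'] = (string) ($q['t'] + 3600);
var_dump(verify_link($link, '203.0.113.7', $q, $now + 3601));  // timestamp tampered with
```

Behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the IP passed to both functions has to come from whatever trusted source the deployment uses for the client address.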

     


