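urldecode for encryption:
echo '<a href="mycgi?foo=' . urlencode($userinput) . '">';
urlencode
Decode a URL-encoded string:
// Split the raw query string into name=value pairs
$a = explode('&', $_SERVER['QUERY_STRING']);
$i = 0;
while ($i < count($a)) {
    // Split each pair at the first '=' only
    $b = explode('=', $a[$i], 2);
    echo 'Value for parameter ', htmlspecialchars(urldecode($b[0])),
        ' is ', htmlspecialchars(urldecode($b[1] ?? '')), "<br />\n";
    $i++;
}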
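First encode it using the method from the post above (note that the file can still be downloaded through this address), so: use a PHP file as an intermediary, then read the file only after a check.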
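<?php
// Output the file only when the request was referred by the player page
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == "http://example.com/play.php")
{
    echo file_get_contents("play.wma");
}
else
{
    echo "非法读取"; // "Illegal read"
}
?>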
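<?php
require_once("../bbs/include/common.inc.php");
require_once("../site_Base.php");
// decode() and inject_check() are not PHP built-ins; they come from the files included above
if (inject_check(decode($_GET['oid']))) {
    // "The data you submitted is invalid; please check it and submit again!"
    exit('你提交的数据非法,请检查后重新提交!');
} else {
    $oid = decode($_GET['oid']);
}
// Look up the requested file and its price in credits
$dba->query("select * from site_downsource where oid = '$oid'");
$dba->next_record();
$file = $dba->f('filename');
$coin = $dba->f('scoin');
if ($discuz_uid == 0) {
    // "You are not logged in; please log in before listening or downloading!"
    echo "<script language='javascript'>alert('你还没有登录,请登录后在试听或者下载!');</script>";
    exit("<script>window.close();</script>");
} else {
    // Load the member's VIP flag and credit balance
    $dba->query("select * from bbs_members where uid = '$discuz_uid'");
    $dba->next_record();
    $vip = $dba->f('vip');
    $coins = $dba->f('extcredits2');
    if ($lx == 1) {
        if ($vip == 0) {
            if ($coins >= $coin) {
                // Non-VIP member with enough credits: deduct the price
                $dbb->query("update bbs_members set extcredits2 = extcredits2 - '$coin' where uid = '$discuz_uid'");
            } else {
                // "Your account balance is insufficient; please top up in your personal center!"
                echo "<script>alert('你的帐户不足,请你进入个人中心冲值!');</script>";
                exit;
            }
        }
    }
}
?>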
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name=author content="Z.J.Studio">
<title>在线收听</title>
</head>
<body scroll=no topmargin="0" leftmargin="0" oncontextmenu="self.event.returnValue=false">
<table border="0" cellpadding="0" cellspacing="0" width="420">
<tr>
<td> </td>
</tr>
<tr>
<td width="100%" align="right">
<OBJECT ID="mPlayer1" WIDTH=100% HEIGHT="64" CLASSID="CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6">
<PARAM NAME="URL" VALUE="<?php echo htmlspecialchars('../down/' . $file, ENT_QUOTES); ?>">
<PARAM NAME="URL" VALUE="">
<PARAM NAME="rate" VALUE="1">
<PARAM NAME="balance" VALUE="0">
<PARAM NAME="currentPosition" VALUE="0">
<PARAM NAME="defaultFrame" VALUE="">
<PARAM NAME="playCount" VALUE="1">
<PARAM NAME="autoStart" VALUE="-1">
<PARAM NAME="currentMarker" VALUE="0">
<PARAM NAME="invokeURLs" VALUE="-1">
<PARAM NAME="baseURL" VALUE="">
<PARAM NAME="volume" VALUE="80">
<PARAM NAME="mute" VALUE="0">
<PARAM NAME="uiMode" VALUE="full">
<PARAM NAME="stretchToFit" VALUE="-1">
<PARAM NAME="windowlessVideo" VALUE="0">
<PARAM NAME="enabled" VALUE="-1">
<PARAM NAME="enableContextMenu" VALUE="true">
<PARAM NAME="fullScreen" VALUE="0">
<PARAM NAME="SAMIStyle" VALUE="">
<PARAM NAME="SAMILang" VALUE="">
<PARAM NAME="SAMIFilename" VALUE="">
<PARAM NAME="captioningID" VALUE="">
<PARAM NAME="enableErrorDialogs" VALUE="0">
</OBJECT>
</td>
</tr>
</table>
</body>
</html>
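Of course it can. That address can also be downloaded directly in IE, so what do you think?? OP, use my method from post 3 to check the referring page and output conditionally; that is more effective. As for the decoding method in post 1, a single function (urldecode) is enough, so why make it so complicated????? (PS: whatever the method, the file has to be played through the browser, so it is impossible to completely stop others from downloading it.)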
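<?php
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == "http://example.com/play.php")
{
    echo '../down/'.$file; // output the URL
}
else
{
    echo "非法读取"; // illegal operation ("Illegal read")
}
?>
That file can be changed to: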
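<?php
require_once("../bbs/include/common.inc.php");
require_once("../site_Base.php");
// decode() and inject_check() are not PHP built-ins; they come from the files included above
if (inject_check(decode($_GET['oid']))) {
    // "The data you submitted is invalid; please check it and submit again!"
    exit('你提交的数据非法,请检查后重新提交!');
} else {
    $oid = decode($_GET['oid']);
}
// Look up the requested file and its price in credits
$dba->query("select * from site_downsource where oid = '$oid'");
$dba->next_record();
$file = $dba->f('filename');
$coin = $dba->f('scoin');
if ($discuz_uid == 0) {
    // "You are not logged in; please log in before listening or downloading!"
    echo "<script language='javascript'>alert('你还没有登录,请登录后在试听或者下载!');</script>";
    exit("<script>window.close();</script>");
} else {
    // Load the member's VIP flag and credit balance
    $dba->query("select * from bbs_members where uid = '$discuz_uid'");
    $dba->next_record();
    $vip = $dba->f('vip');
    $coins = $dba->f('extcredits2');
    if ($lx == 1) {
        if ($vip == 0) {
            if ($coins >= $coin) {
                // Non-VIP member with enough credits: deduct the price
                $dbb->query("update bbs_members set extcredits2 = extcredits2 - '$coin' where uid = '$discuz_uid'");
            } else {
                // "Your account balance is insufficient; please top up in your personal center!"
                echo "<script>alert('你的帐户不足,请你进入个人中心冲值!');</script>";
                exit;
            }
        }
    }
}
?>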
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name=author content="Z.J.Studio">
<title>在线收听 </title>
</head>
<body scroll=no topmargin="0" leftmargin="0" oncontextmenu="self.event.returnValue=false">
<table border="0" cellpadding="0" cellspacing="0" width="420">
<tr>
<td> </td>
</tr>
<tr>
<td width="100%" align="right">
<OBJECT ID="mPlayer1" WIDTH=100% HEIGHT="64" CLASSID="CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6">
<PARAM NAME="URL" VALUE="<?php include("play.php"); // modified here: play.php decides whether to output the playback URL ?>">
<PARAM NAME="URL" VALUE="">
<PARAM NAME="rate" VALUE="1">
<PARAM NAME="balance" VALUE="0">
<PARAM NAME="currentPosition" VALUE="0">
<PARAM NAME="defaultFrame" VALUE="">
<PARAM NAME="playCount" VALUE="1">
<PARAM NAME="autoStart" VALUE="-1">
<PARAM NAME="currentMarker" VALUE="0">
<PARAM NAME="invokeURLs" VALUE="-1">
<PARAM NAME="baseURL" VALUE="">
<PARAM NAME="volume" VALUE="80">
<PARAM NAME="mute" VALUE="0">
<PARAM NAME="uiMode" VALUE="full">
<PARAM NAME="stretchToFit" VALUE="-1">
<PARAM NAME="windowlessVideo" VALUE="0">
<PARAM NAME="enabled" VALUE="-1">
<PARAM NAME="enableContextMenu" VALUE="true">
<PARAM NAME="fullScreen" VALUE="0">
<PARAM NAME="SAMIStyle" VALUE="">
<PARAM NAME="SAMILang" VALUE="">
<PARAM NAME="SAMIFilename" VALUE="">
<PARAM NAME="captioningID" VALUE="">
<PARAM NAME="enableErrorDialogs" VALUE="0">
</OBJECT>
</td>
</tr>
</table>
</body>
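</html>
(PS again: no method can completely prevent users from downloading, because the file always has to reach the browser before it can be played.)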
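
The Referer header that the replies above check is supplied by the client, so it can be missing or forged. As an added example (not code from the thread), here is one way the intermediary PHP script could instead require a short-lived HMAC token that the player page issues after its login and credit checks; SECRET, DOWN_DIR and the function names are hypothetical.

```php
<?php
// Added example (not from the thread). SECRET, DOWN_DIR and the function
// names are hypothetical; the sample uid/oid values are constructed.
const SECRET   = 'replace-with-a-random-server-side-key';
const DOWN_DIR = __DIR__ . '/down';   // ideally a directory outside the web root

// Called by the player page after the login and credit checks succeed.
function make_token(int $uid, int $oid, int $ttl = 60): string
{
    $expires = time() + $ttl;
    $mac = hash_hmac('sha256', "$uid|$oid|$expires", SECRET);
    return "$expires.$mac";
}

// Called by the streaming script before any byte of the file is sent.
function token_is_valid(string $token, int $uid, int $oid): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // malformed token
    }
    [$expires, $mac] = $parts;
    if ((int)$expires < time()) {
        return false;                       // link has expired
    }
    $expected = hash_hmac('sha256', "$uid|$oid|$expires", SECRET);
    return hash_equals($expected, $mac);    // constant-time comparison
}

// Streams the file only for a valid token. $filename is the value stored in
// the database row for $oid; basename() drops any directory components.
function stream_file(string $token, int $uid, int $oid, string $filename): void
{
    $path = DOWN_DIR . '/' . basename($filename);
    if (!token_is_valid($token, $uid, $oid) || !is_file($path)) {
        http_response_code(403);
        exit('Forbidden');
    }
    header('Content-Type: audio/x-ms-wma');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed sample values: uid 42 requests oid 7.
$token = make_token(42, 7);
var_dump(token_is_valid($token, 42, 7));   // same user and file
var_dump(token_is_valid($token, 43, 7));   // token replayed by another user
```

A token only narrows who can fetch the file and for how long; as the thread notes, anything the browser can play can still be saved by the user who is allowed to play it.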