How to avoid UNLINK security risks in PHP?

深忆病人 2021-01-12 18:59

I'm using UNLINK with PHP and AJAX. I know that this way is very dangerous, because everyone can delete any file. But I need to use AJAX

7 answers
  •  盖世英雄少女心
    2021-01-12 19:33

    You can simplify your task by using a very simple database substitution - a directory structure. Keep each user's files in that user's directory, so you can always check if a particular user has rights to delete. Name the directory after the user's name, or - much better - the numeric user id.

    Just something like:

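    // $filebase: base upload directory (ending in "/"), defined elsewhere
    $photo_id = basename($_GET['photo_id']); // strip any directory components
    $filename = $filebase.$_SESSION['user_id']."/".$photo_id;
    if (file_exists($filename)) unlink($filename);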
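
A hardened take on the per-user-directory idea in the answer above, added here as an example and not part of the original answer. The `UPLOAD_BASE` path, the `photo_id` and `csrf_token` POST fields, the `csrf_token` session key (assumed to be a string set at login) and the `resolveUserFile()` helper are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed layout: /var/www/uploads/<numeric user id>/<file name>
const UPLOAD_BASE = '/var/www/uploads';

// Resolve a client-supplied name to a file inside the user's own directory.
// Returns the real path, or null if the request must be refused.
function resolveUserFile(string $base, int $userId, string $name): ?string
{
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($name);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $userDir = realpath($base . DIRECTORY_SEPARATOR . $userId);
    $target  = realpath($base . DIRECTORY_SEPARATOR . $userId . DIRECTORY_SEPARATOR . $name);
    if ($userDir === false || $target === false) {
        return null; // directory or file does not exist
    }
    // realpath() follows symlinks; the result must still sit directly in the user's directory.
    if (dirname($target) !== $userDir || !is_file($target)) {
        return null;
    }
    return $target;
}

session_start();
// Deletion changes state: accept POST only, from a logged-in session, with a CSRF token.
$token = $_POST['csrf_token'] ?? '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_SESSION['user_id'], $_SESSION['csrf_token'])
    || !is_string($token)
    || !hash_equals($_SESSION['csrf_token'], $token)) {
    http_response_code(403);
    exit;
}

$photoId = $_POST['photo_id'] ?? '';
$file = is_string($photoId) ? resolveUserFile(UPLOAD_BASE, (int) $_SESSION['user_id'], $photoId) : null;
if ($file === null || !unlink($file)) {
    http_response_code(404);
    exit;
}
http_response_code(204);
```

The user id comes only from the session, never from the request, so a client can name a file but cannot choose whose directory it is looked up in.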
    
