{"id":1154,"date":"2013-10-23T13:47:03","date_gmt":"2013-10-23T05:47:03","guid":{"rendered":"http:\/\/rais.my\/blog\/?p=1154"},"modified":"2013-10-23T13:47:03","modified_gmt":"2013-10-23T05:47:03","slug":"block-direct-access","status":"publish","type":"post","link":"https:\/\/rais.my\/blog\/block-direct-access\/","title":{"rendered":"Block direct access"},"content":{"rendered":"<p>Assalam,<\/p>\n<p><a href=\"http:\/\/rais.my\/blog\/wp-content\/uploads\/2013\/10\/access-denied.jpg\"><img  title=\"\" loading=\"lazy\" decoding=\"async\" src=\"http:\/\/rais.my\/blog\/wp-content\/uploads\/2013\/10\/access-denied-150x150.jpg\"  alt=\"access-denied-150x150 Block direct access\"  width=\"150\" height=\"150\" class=\"alignleft size-thumbnail wp-image-1163\" \/><\/a>Today I want to write a short tutorial on how to block users from directly accessing our files on the server, so that users can reach those files only through the application we build.<\/p>\n<p>Demo: <a href=\"http:\/\/rais.my\/dev\/download\/akses.php\" target=\"_blank\">Here<\/a><\/p>\n<p>In brief:<br \/>\n1. We need to block all access using an .htaccess file<br \/>\n2. A PHP script to access the files<\/p>\n<p>Here is a simple example in which all the files are in the same directory.<\/p>\n<p>1. File <strong>.htaccess<\/strong><\/p>\n<pre class=\"brush:php\">\r\n<Files ~ \"\\.(txt|jpg)$\">\r\n   Order Deny,Allow\r\n   deny from all\r\n<\/Files>\r\n<\/pre>\n<p>This .htaccess file must be placed in the directory whose access you want to restrict. This example allows access to all files in the directory except .jpg and .txt files.<\/p>\n<p>2. 
File <strong>download.php<\/strong><\/p>\n<pre class=\"brush:php\">\r\n<?php\r\n\r\n\/\/ For security, add checks here, such as session checking.\r\n\r\ndw(isset($_GET['file']) ? $_GET['file'] : '');\r\n\r\nfunction dw($file)\r\n{\r\n\t\/\/ Keep only the file name and resolve it inside this script's directory,\r\n\t\/\/ so the request parameter cannot point at a path elsewhere on the server.\r\n\t$file = __DIR__ . '\/' . basename($file);\r\n\r\n\t\/\/ Serve only the file types that .htaccess blocks from direct access.\r\n\tif (!preg_match('~\\.(txt|jpg)$~i', $file)) {\r\n\t\treturn;\r\n\t}\r\n\r\n\tif (is_file($file)) {\r\n\t    header('Content-Description: File Transfer');\r\n\t    header('Content-Type: application\/octet-stream');\r\n\t    header('Content-Disposition: attachment; filename='.basename($file));\r\n\t    header('Content-Transfer-Encoding: binary');\r\n\t    header('Expires: 0');\r\n\t    header('Cache-Control: must-revalidate');\r\n\t    header('Pragma: public');\r\n\t    header('Content-Length: ' . filesize($file));\r\n\t    \/\/ Clear the output buffer only when one is active.\r\n\t    if (ob_get_level()) {\r\n\t        ob_clean();\r\n\t    }\r\n\t    flush();\r\n\t    readfile($file);\r\n\t    exit;\r\n\t}\r\n}\r\n?>\r\n<\/pre>\n<p>This file reads a file from the server and lets the user download it.<br \/>\nIt is written as a function so that it can be reused on any page later.<\/p>\n<p>File <strong>akses.php<\/strong><\/p>\n<pre class=\"brush:php\">\r\nDownload link file : <a href=\"download.php?file=test.txt\">download<\/a><br>\r\nDirect access file : <a href=\"test.txt\">download<\/a>\r\n<\/pre>\n<p>This file calls download.php, passing it a value (the name of the file to download).<\/p>\n<p>If we allow direct access but do not want any search engine bot to access the files, we can place a robots.txt file in the server's document root.<\/p>\n<p>File <strong>robots.txt<\/strong><\/p>\n<pre class=\"brush:php\">\r\nUser-agent: * \r\nDisallow: \r\nDisallow: \/download\/\r\n\r\n<\/pre>\n<p>This allows all search engine bots to access the whole server except the download folder.<\/p>\n<p>Demo: <a href=\"http:\/\/rais.my\/dev\/download\/akses.php\" target=\"_blank\">Here<\/a><\/p>\n<p>So, that is a short example&#8230; Good luck trying it out.<\/p>\n<p><a href=\"http:\/\/rais.my\">rais.my<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Assalam, Today I want to write a short tutorial on how to block users 
from directly accessing our files on the server, so that users can reach those files only through the application we build. Demo: Here In brief: 1. We need to block all access using an .htaccess file 2. A PHP script to access the files Here is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"","footnotes":""},"categories":[1],"tags":[79,591,611,614,612,613,649,616,615],"class_list":["post-1154","post","type-post","status-publish","format-standard","hentry","category-umum","tag-apache","tag-block","tag-direct-access","tag-download-link","tag-hide-directory","tag-htaccess","tag-php","tag-prevent-crawl","tag-robots-txt"],"_links":{"self":[{"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/posts\/1154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/comments?post=1154"}],"version-history":[{"count":8,"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/posts\/1154\/revisions"}],"predecessor-version":[{"id":1164,"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/posts\/1154\/revisions\/1164"}],"wp:attachment":[{"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/media?parent=1154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/categories?post=1154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rais.my\/blog\/wp-json\/wp\/v2\/tags?post=1154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}