symlink()

(PHP 4, PHP 5, PHP 7)

建立符号连接

说明

symlink()对于已有的$target建立一个名为$link的符号连接。

参数

连接的目标。

连接的名称。

返回值

成功时返回TRUE，或者在失败时返回FALSE。

更新日志

范例

创建一个符号连接

注释

Note:仅针对 Windows：运行 PHP 于Vista、Server 2008 或更高版本才能正常使用。之前版本的 Windows 不支持符号连接。

参见

• link() 建立一个硬连接
• readlink() 返回符号连接指向的目标
• linkinfo() 获取一个连接的信息

Here is a simple way to control who downloads your files...
You will have to set: $filename, $downloaddir, $safedir and $downloadURL.
Basically $filename is the name of a file, $downloaddir is any dir on your server, $safedir is a dir that is not accessible by a browser that contains a file named $filename and $downloadURL is the URL equivalent of your $downloaddir.
The way this works is when a user wants to download a file, a randomly named dir is created in the $downloaddir, and a symbolic link is created to the file being requested. The browser is then redirected to the new link and the download begins.
The code also deletes any past symbolic links created by any past users before creating one for itself. This in effect leaves only one symbolic link at a time and prevents past users from downloading the file again without going through this script. There appears to be no problem if a symbolic link is deleted while another person is downloading from that link.
This is not too great if not many people download the file since the symbolic link will not be deleted until another person downloads the same file. 
Anyway enjoy: 

Symlinks on windows are created by Symlink() which accept only absolute paths but not relative paths .relative paths on windows are not supported for symlinks

Be warned that at least with php 5.3 on windows 2008 R2 the symlink function is effected by the statcache. 
I got error 183 indicating the link existed. While the symlink was actually moved to a different location by another process and would certainly not exist anymore.
Calling clearstatcache with a filename does not work. Most probably as the filename is converted to a device path (e.g. "\Device\HarddiskVolume1\D-Drive\www\pp\#static\index") which is a requirement for the windows call.
easiest is to just call clearstatcache without a filename to resolve the issue.
if you really want to call clearstatcache with a filename you could use readlink on the already deleted symlink (that still lives in the statcache) to get the filename. 
For example something like this: 

Olszewski seems pretty good, but just to boost the security a bit, the fifth line of his script should read

instead of rand(1,24).

To make your code portable on unix AND win32, do the following
1. Download http://www.dynawell.com/reskit/microsoft/win2000/linkd.zip
2. Unzip, put linkd.exe in C:\Windows\System32 or C:\WINNT\System32
3. Include in your code the following

4. Enjoy
_symlink(TARGET,LINK) works like symlink() on *nix
_unlink(LINK) to delete properly the link created

Keep in mind when using a shared filesystem such as NFS, that you probably don't want to create a symbolic link with absolute paths e.g.
On Server1 you are running a PHP script that needs to create a symbolic link called widget2 which links to widget1 inside an NFS share mounted on your localhost at /mnt/nfs/widgets
On Server2 this same NFS share is mounted under /usr/local/widgets
If you used absolute paths on Server1, then Server2 would try to reference /mnt/nfs/widgets/widget1 which it won't be able to find...
You need to cd into the directory first, then create the link - that way the link will be relative. Unless you run the PHP script from the same directory where you'll be creating the symbolic links, then you can't use symlink(). Use exec() instead as follows: 

Olszewski's method of creating downloadable links on the fly is pretty good.
I use a different technique under Apache where if you want a file, you might use a url like:
mydomain.com/files/mysecretfile.doc
But in fact Apache redirects this to a script with a url like:
mydomain.com/utilities/downloadfile.php?filename=mysecretfile.doc
(The browser address bar will still show the first url).
The script downloadfile.php can then handle all the mucky stuff like checking session variables to see if someone is logged on, whether they have access to mysecretfile.doc, and if you want to encrypt before download.
An advantage of this is that the php code to achieve the equivalent of Olszewski's is shorter, so might execute faster. But more importantly, a casual hacker might think all he has to do is find myverysecurefile.doc under the /home/user/public_html/files/mysecretfile.doc, or copy the url - but there's nothing there! He won't find it or get an Apache error page.

鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com