This is how I do it in PHP:

这就是我在 PHP 中的做法：

<?php
$fakeFileName= "fakeFileName.zip";
$realFileName = "realFileName.zip";

$file = "downloadFolder/".$realFileName;
$fp = fopen($file, 'rb');

header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=$fakeFileName");
header("Content-Length: " . filesize($file));
fpassthru($fp);
?>

Additionally, if you don't want anyone to have access to the file location, put a file named .htaccessinto your download folder with only the contents:

此外，如果您不希望任何人访问文件位置，请将一个名为的文件.htaccess放入您的下载文件夹中，其中仅包含以下内容：

deny from all

I changed the code a little. First when I say fake file name and real file name, the fake filename is the name that the downloader will download the file as, where the real filename is the name of the actual file in the download folder on your server.

我稍微更改了代码。首先，当我说假文件名和真实文件名时，假文件名是下载器将下载文件的名称，其中真实文件名是服务器上下载文件夹中实际文件的名称。

Also, I check to make sure the user is logged in and is able to download the file. If he chooses to download the file, a PHP file is called in a new tab (with the download code from above), then at the end of the file I have the line:

此外，我会检查以确保用户已登录并能够下载文件。如果他选择下载文件，则会在新选项卡中调用一个 PHP 文件（使用上面的下载代码），然后在文件末尾我有一行：

exit;

So when he clicks on the download link, a blank page pops up in a new tab quickly, then quickly exits and the download begins.

所以当他点击下载链接时，在新标签页中快速弹出一个空白页面，然后快速退出并开始下载。

EDIT:The download link looks something like this:

编辑：下载链接如下所示：

<a href="simpleDown.php?id=<?php echo $_GET['id']; ?>" target="_blank">Download!</a>

Where idis the idof the download in the database, and in the download script from above I find the entry with that id, then get its real file name and the fake file name. You can do this without the database though.

哪里id是id下载的数据库，并从上面我找到了进入的下载脚本id，然后获取其真正的文件名和假文件名。不过，您可以在没有数据库的情况下执行此操作。

Perhaps you would want to look into either Mod Rewrite, or use your PHP script to be able to access the file by simply going to file.php?f=someHashand then using an octet stream to force the user to download the file.

也许您想要查看 Mod Rewrite，或者使用您的 PHP 脚本来访问文件，只需转到file.php?f=someHash然后使用八位字节流强制用户下载文件即可。

What you are going to want to do is have the user directed to fake_url.phpand then rewrite that URL to a different file - real_url.php. This effectively renders the real_url.phpas hidden because the user is unaware of the redirect happening in your .htaccessfile.

您要做的是将用户定向到fake_url.php然后将该 URL 重写为不同的文件 - real_url.php. 这有效地将 呈现real_url.php为隐藏，因为用户不知道您的.htaccess文件中发生的重定向。

RewriteRule fake_url.php(.*)$ real_url.php? [L,QSA]

In your real_url.php, you can read the parameters passed through the redirect and then use something similar to readFile()to send the appropriate file back to the user from within real_url.php

在您的 中real_url.php，您可以读取通过重定向传递的参数，然后使用类似于readFile()从内部将适当的文件发送回用户real_url.php

So the user will only see the URL -
https://my-secret-site/download.php?file=file_to_download

所以用户只会看到 URL -
https://my-secret-site/download.php?file=file_to_download

And in your real_url.phpyou'll know what file was requested by inspecting the $_GET['file']parameter.

在您的real_url.php文件中，您将通过检查$_GET['file']参数知道请求的是哪个文件。

The actual location of the files that the user is downloading does not matter anymore. All downloads go though fake_url.phpand only that script needs to know the real location of the downloads folder.

用户正在下载的文件的实际位置不再重要。所有下载都可以进行fake_url.php，只有该脚本需要知道下载文件夹的真实位置。