一年一年又一年

过完今天。就到十一月份了。。一年一年又一年。过的发快。。惟一不变的是那一年春夏秋冬。。今天北京的天灰蒙蒙的。早上没有带伞。还淋了几点小雨。。。一年一年又一年。。小车不倒继续推。

nginx securedown

nginx有一个防盗链的模块,secure download

这个东东可以生成一个一定时间过期的链接

原理:

The theory

A generated URI must have the following format:

生成一个以下格式的链接

<real_path>/<md5_hash>/<expiration_timestamp>

真实地址/md5_hash/过期时间

the md5 hash gets generated out of the following string:

md5 hash使用以下字符串生成

<real_path>/<secret (user supplied)>/<expiration_timestamp>

真实地址/密码(用户提供)/过期时间戳

  • real_path can be either the path of the file which you want to access or the folder which contains the file, which of those two has to be defined in the nginx config
  • secret is some random string which must be known by the nginx config and by the link generating script
  • expiration_timestamp is a unix_timestamp (seconds since beginning of 1970) in hexadecimal format

例子:

Lets say you have a file in your document root under the path “/somefolder/protected.html”. Now you want to generate a link which expires in 20 minutes, so you do following:

让我们来看一个例子,你有一个位于根目录下的文件“/somefolder/protected.html”.你想生成一个20分钟过期的链接。

  • Get the current(expire) timestamp, for example from http://www.unixtimestamp.com/index.php. In this example our timestamp would be 1240928342
  • 得到过期时间戳(这里文档上写成了当前时间戳),可以从http://www.unixtimestamp.com/index.php得到,这里的是1240928342
  • Convert the timestamp into hex, like for example http://www.easycalculation.com/decimal-converter.php does. Our timestamp in hex is 49F71056
  • 把时间戳转换成16进制。可以使用http://www.easycalculation.com/decimal-converter.php.我们的时间戳16进制为49F71056
  • Now you need to decide for a secret string. It needs to be set in the nginx config with the parameter secure_download_secret. For example “privatestring”
  • 现在你需要决定使用一个密码串。它可以被设置到nginx配置文件里,在secure_download_secret参数里。例如“privatestring”
  • Then you put the following string together “/somefolder/protected.html/privatestring/49F71056″ which consists of “<real path/secret string/timestamp in hex”
  • 现在把这些字符串放到一起”/somefolder/protected.html/privatestring/49F71056″
  • Now you need to create an md5 hash of that string which we put together, for example on http://www.xs4all.nl/~jlpoutre/BoT/Javascript/Utils/md5_hashing.html. Then the resulting md5 should be f901b5272c17b456fabf49c3e9bcc120
  • 现在你需要把这个字符串进行md5 hash。结果为:f901b5272c17b456fabf49c3e9bcc120
  • ok, you got everything you need, now you just have to put it together in the format “<real_path>/<md5>/<timestamp>” in our example this would look like “/somefolder/protected.html/f901b5272c17b456fabf49c3e9bcc120/49F71056″
  • 现在,你得到所有必要的东西,你仅仅需要把它们组合在一起“<真实地址>/<md5>/<时间戳>”,在这个例子中看起来是这样的“/somefolder/protected.html/f901b5272c17b456fabf49c3e9bcc120/49F71056”
  • thats it, now you got your link which is only valid until the included timestamp gets reached
  • 现在你得到的地址在时间戳之前使用是有效的。

测试用的php这样写:

<?php

$secure_str = ‘hackers365′;
$url = ‘/attachment/ylmf.iso';
$expire_ts = time() + 300;
$hex_str = dechex($expire_ts);

$client_host = ‘hackers365′.$_SERVER[‘REMOTE_ADDR’];
$toge_str = $url . ‘/’ . $client_host . ‘/’ . $hex_str;
$hash_str = bin2hex(mhash(MHASH_MD5, $toge_str));
$t_url = $url . ‘/’ . $hash_str . ‘/’ . $hex_str . ‘?filename=’ . basename($url);
var_dump(‘http://to’ . $t_url);
header(“location:$t_url”);

?php>

 

nginx配置文件:

        location ~ ^/download/ {
           secure_download on;
           secure_download_secret hackers365$remote_addr;
           secure_download_path_mode file;
           if ($secure_download !~ “^-.”) {
                 rewrite ^/download(.*)/[0-9a-zA-Z]*/[0-9a-zA-Z]*$ /download$1 last;
           }   
           if ($secure_download = “-1″) {
                 return 405;
           }   
           if ($secure_download = “-2″) {
                 return 502;
           }   
            if ($secure_download = “-3″) {
                 return 500;
           }   
            if ($args ~* “filename=(.*)”) {
                set $filename $1;
            }
            set_unescape_uri $filename $filename;
            add_header Content-Type application/octet-stream;
            #escape only ie6,other decode
            if ($http_user_agent ~* ‘msie’) {
                 set_escape_uri $filename $filename;
            }
            add_header Content-Disposition “attachment; filename= “$filename””;


       }   

这里我们可以使用一个?filename=XXXX的参数。来指定用户最终保存的文件名,要不然文件会被保存成时间戳md5 hex

 

说明:为了兼容ie6下载不出现乱码。仅需要对ie6作escape_uri的操作。所以nginx需要多两个模块ngx_devel_kit和agentzh-set-misc-nginx-module。其它浏览器均为不解码的文件就可以。

 

请插入sim卡

手机被我不小心摔了一下…结果提示”请插入sim卡”.重启了几次.也没用..

网上搜了一下.电池从左向右第一个触点是检查sim卡是否插入的..可能是这个地方松了..拿针把电池的第一个触点往中间靠一下就OK了…

mysql bin-log

mysql删除bin-log

purge master logs to ‘mysql-bin.000011′;

删除这个日志之前的

 

purge master logs before  ‘2011-05-05 00:30:00′;

删除这个时间点之前的

 

purge master logs before DATE_SUB(NOW(), ‘INTERVAL 3 day’);

 

自动删除bin-log配置

expires_logs_days = 7

注意:设置这个参数可以自动清除几天前的bin-log日志..但是作用点在:

1. 重启mysql时

2. bin-log flush时

 

mysql的DATE_SUB函数

DATE_SUB(date,INTERVAL expr type)

date 参数是合法的日期表达式。expr 参数是您希望添加的时间间隔。