js+php oculta la ruta real con verificación de cifrado para descargar el código completo de archivos pdf, xlsx y otros

<?php
$imgdir = "./1fdgasaa/"; //存储文件夹请自定义
$md5key = "[email protected]"; //加密秘钥请自定义
function webdown($file,$mima="88888888"){
global $imgdir, $md5key;  $dadirs = $imgdir.$file;
if(!file_exists($dadirs)){ header("HTTP/1.1 404 Not Found");exit;}
$mamar = md5("$md5key@$dadirs@$md5key");
if($mamar!=$mima){header('HTTP/1.1 403 Forbidden'); exit;}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $file . '"');
header('Content-Length: ' . filesize($dadirs));
readfile($dadirs);
exit();
}

if($_GET['act']=="down"){
$file = (isset($_POST['file']))?addslashes($_POST['file']):"99";
$mima = (isset($_POST['mima']))?addslashes($_POST['mima']):"88";
webdown($file,$mima);
}

$file = "10.pdf";//文件名
$dadirs = $imgdir.$file;
$mamar = md5("$md5key@$dadirs@$md5key");//生成密码

?><input id="file" value="<?php echo $file; ?>">
<input id="mima" value="<?php echo $mamar; ?>">
<span id="rest"></span>
<script type="text/javascript">
function $(objId){
 return document.getElementById(objId);
}
function godown(){
var fd = new FormData();
fd.append('file',$("file").value);
fd.append('mima',$("mima").value);
var xhr = new XMLHttpRequest();
 xhr.responseType = 'blob';
 xhr.onload = function() {
if(xhr.readyState == 4){
if(xhr.status == 404){ $('rest').innerHTML="文件不存在(无此文件)"; }
if(xhr.status == 403){ $('rest').innerHTML="无权限下载(通信秘钥)"; }
if(xhr.status == 200){ 
 var blob = new Blob([this.response], { type: 'application/octet-stream' });
 var url = URL.createObjectURL(blob);
 var a = document.createElement('a');
  a.href = url;
  a.download = $('file').value;
  document.body.appendChild(a);
  a.click();
  document.body.removeChild(a);
 }
 }
};
xhr.open('POST','?act=down&v='+$('mima').value,true);
xhr.send(fd);//post文件名和密钥
}
godown();
</script>