我设计了一个网站，并在其中我有一个范围而与我的系统进行交互的PHP脚本。例如，如果一个用户上传的图像，这是由脚本处理的

I have designed a website, and within it I have a range of PHP scripts which interact with my system. For example, if a user uploads an image, this is processed by the script

image.php 

和如果在这个用户登录由脚本处理的

and if a user logs in this is processed by the script

login.php

所有这些脚本都存储在名为的文件夹中：脚本

All these scripts are stored in the folder called: scripts

如何确保某人不能访问这些页面，但是仍然确保它们可以由系统使用？我想确保PHP页面将接受岗位价值，获取价值和可以重定向到其他页面，但无法通过地址栏直接访问或下载？

How do I ensure someone cannot access these pages, however still ensure they can be used by the system? I want to ensure the PHP pages will accept post values, get values and can redirect to other pages, but not be directly accessed via the address bar or downloaded?

我试图用的.htaccess使用，以阻止用户访问所有和限制GET，POST 但这$ P否认$无法正常工作，因为我无法在所有访问这些文件pvented系统。

I attempted to block access using .htaccess using deny from all and Limit GET, POST but this prevented the system from working as I could not access those files at all.

推荐答案

阻止文件的htaccess使得无法访问这些文件的请求，如页面的访问者。所以，你需要一个代理文件，通过访问者的请求文件。对于这一点，看看在 MVC模式的和 Front Controller模式。

Blocking files with htaccess makes the files inaccessible to the requestor, e.g. the visitor of the page. So you need a proxy file to pass the visitor's request to the files. For that, have a look at the MVC pattern and the Front Controller pattern.

基本上，你会想要做的就是所有请求路由到一个单一入口点，例如： index.php文件，并从那里，它的行动决定（脚本）被调用来处理请求。然后，你可以将可公开访问的文件夹之外的脚本和模板或，如果这是不可能的（一些共享主机上），保护与htaccess的文件夹一样，你已经做了（拒绝从ALL），那么

Basically, what you will want to do is route all requests to a single point of entry, e.g. index.php and decide from there, which action(your scripts) is called to process the request. Then you could place your scripts and templates outside the publicly accessible folder or, if that is impossible (on some shared hosts), protect the folders with htaccess like you already did (DENY FROM ALL) then.

要使用上传脚本，你必须像 http://example.com/index.php?action=upload 的URL。

To use the upload script you'd have a URL like http://example.com/index.php?action=upload.

一个supersimple的FrontController是那么容易，因为

A supersimple FrontController is as easy as

$scriptPath      = 'path/to/your/scripts/directory/';
$defaultAction   = 'action404.php';
$requestedAction = $_GET['action']; // you might want to sanitize this

switch($action) {
    case 'upload':
        $actionScript = 'image.php';
        break;
    case 'login':
        $actionScript = 'login.php';
        break;
    default:
        $actionScript = $defaultAction;
}
include $scriptPath . $actionScript;
exit;

您的动作会那么做一切你需要做的请求，包括重定向，数据库访问，身份验证，上传的东西，呈现模板，等等 - 任何你认为有必要的。默认操作在上面的例子可以是这样的：

Your actionScript would then do everything you need to do with the request, including redirection, db access, authentication, uploading stuff, rendering templates, etc - whatever you deem necessary. The default action in the example above could look like this:

<?php // action404.php
    header('HTTP/1.1 404 File Not Found');
    fpassthru('path/to/template/directory/error404.html');

有在PHP中 FrontController设计图案众多的实现。有的简单，有的复杂。该 codeIgniter框架采用了轻量级的MVC /的​​FrontController实现，可能不会过于庞大，如果这是新的给您。

There is numerous implementations of the FrontController pattern in PHP. Some simple, some complex. The CodeIgniter framework uses a lightweight MVC/FrontController implementation that might not be too overwhelming if this is new to to you.

像阿特利上述建议，你可以使用的mod_rewrite 强制所有请求的index.php，你也可以用它来pretty的你的网址。这是MVC框架的普遍做法，并已广泛覆盖这里和其他地方。

Like Atli above suggested, you could use mod_rewrite to force all requests to index.php and you could also use it to pretty up your URLs. This is common practice with MVC frameworks and has been covered extensively here and elsewhere.