现在,在我的网站,我已经设法通过将用户重定向,成功登录后,到 www.mysite.com/protected_files/redirect.php
页使用这样的事情在我的 www.mysite.com/login.php 的页面:
Right now, in my website, i have managed to redirect the user, after successful login, to a www.mysite.com/protected_files/redirect.php
page by using something like this on my www.mysite.com/login.php page:
if( login was successful)
{
include('protected_files/redirect.php');
}
命名的文件夹的 www.mysite.com/protected_files
的,包含了一个的.htaccess
文件,
# This file prevents that your .php view files are accessed directly from the outside
<Files ~ ".(htaccess|php)$">
order allow,deny
deny from all
</Files>
这是造成在 protected_files
文件夹中的所有PHP文件,给用户一个403错误,当他们在浏览器中 www.mysite类型。 COM / protected_files / phpfile1.php
which is causing all .php files in the protected_files
folder to give users a 403 error, when they type in their browser www.mysite.com/protected_files/phpfile1.php
这哪里是函数包括(protected_files / anyphpfile.php')
就派上用场了。
Which is where the function include('protected_files/anyphpfile.php')
comes in handy.
现在,我试图找出如何从 protected_files / phpfile1.php
将用户重定向到 protected_files / phpfile2.php
从菜单栏。
Now, i am trying to figure out how to redirect the user from protected_files/phpfile1.php
to protected_files/phpfile2.php
from a menu bar.
&LT; A HREF =www.mysite.com/protected_files/phpfile2.php&GT;第2页&LT; / A&GT;
不工作(错误403),因为它属于在 protected_files
文件夹,里面有的.htaccess
文件,并使得它不会从URL aaccessible。
<a href="www.mysite.com/protected_files/phpfile2.php">page2</a>
is not working (error 403), because it belongs in the protected_files
folder, which has the .htaccess
file, and it makes it not aaccessible from a url.
我解决这个事情,是这样的:
My solution to this matter, was something like:
//code in `www.mysite.com/redirect.php`
if ($_GET['page'] == "phpfile2") {
include("phpfile2.php");
} else {
include("phpfile1.php");
}
这意味着,在成功登录后,用户会因为采取
) www.mysite.com/protected_files/phpfile1.php
默认( $ _GET [页] ==
Which means that after a successful login, users would be taken to www.mysite.com/protected_files/phpfile1.php
by default (since $_GET['page'] == ""
)
现在,用户在 phpfile1.php
,他可以点击一个链接&LT;?页= phpfile2A HREF = GT ; phpfile2&LT; / A&GT;
去 phpfile2.php
。虽然这样做,他的浏览器在第一次表演 www.mysite.com/login.php
后,他点击了链接,就说明 www.mysite .COM / login.php中?页= phpfile2
。
Now, the user is in phpfile1.php
and he can click on an link <a href="?page=phpfile2">phpfile2</a>
to go to phpfile2.php
. While doing that, his browser at first shows www.mysite.com/login.php
and after he clicks on the link , it shows www.mysite.com/login.php?page=phpfile2
.
不显示 www.mysite.com/login.php?page=phpfile2
的URL,当我试图做的是用户在 phpfile2.php
页,,但显示的实际文件路径,这是 www.mysite。 COM / protected_files / phpfile2.php
What i am trying to do is not show www.mysite.com/login.php?page=phpfile2
in the url , when the user is in the phpfile2.php
page , but to show the actual file path, which is www.mysite.com/protected_files/phpfile2.php
我怎样才能做到,在这种特殊情况下?
能否成功后我可能改变的.htaccess
让 protected_files
变成可达(没有更多的错误403)登录 ?如果我改变我做了完全这个网站的方法是什么?
Could i possibly change the .htaccess
so that protected_files
becomes reachable (no more error 403) after a successful login ? Should i change the way i made this site completely ?
基本上,到最后,我想有一个文件夹,名为 protected_files
,其中包含的.php是提供给用户的文件,只有经过成功登录。
Basically, in the end, i want to have a folder, named protected_files
, which contains .php files that are available to the user, only after a successful login.
修改
<Files ~ ".(htaccess|php)$">
order allow,deny
deny from all
</Files>
到
<Files ~ ".(htaccess|include)$">
order allow,deny
deny from all
</Files>
<Files ~ ".php$">
php_value auto_prepend_file "session_check.include"
</Files>
然后让 session_check.include
检查用户是否登录;如果没有,调用退出()
。然后在目录中的所有文件将检查用户是否登录;如果不是,它会退出。如果是这样,该文件将继续像正常的。
Then have session_check.include
check to see if the user is logged in; if not, call exit()
. Then every file in the directory will check whether the user is logged in; if they are not, it will exit. If they are, the file will continue like normal.
这样一来,你就不必做了一堆花样重写的入站和出站请求,以配合一些伪造了地图 - 你只要让每一个文件加载你登录了吗?检查,因为它做的第一件事。
This way, you don't have to do a bunch of tricks rewriting the inbound and outbound requests to match some faked up map - you just let each file load the "are you logged in yet?" check as the first thing it does.
请参阅怎样修改配置设置的文档就如何 php_value
的作品,和的 php.ini核心配置选项说明,获取有关 AUTO_ prepend_file
See How to change configuration settings for documentation on how the php_value
works, and Description of core php.ini directives for documentation on auto_prepend_file