PHP:使文件夹中的文件访问,只在成功登录后,文件、只在、夹中、PHP
现在,在我的网站,我已经设法通过将用户重定向,成功登录后,到 www.mysite.com/protected_files/redirect.php 页使用这样的事情在我的 www.mysite.com/login.php 的页面:
Right now, in my website, i have managed to redirect the user, after successful login, to a www.mysite.com/protected_files/redirect.php page by using something like this on my www.mysite.com/login.php page:
if( login was successful)
{
include('protected_files/redirect.php');
}
命名的文件夹的 www.mysite.com/protected_files 的,包含了一个的.htaccess 文件,
# This file prevents that your .php view files are accessed directly from the outside
<Files ~ ".(htaccess|php)$">
order allow,deny
deny from all
</Files>
这是造成在 protected_files 文件夹中的所有PHP文件,给用户一个403错误,当他们在浏览器中 www.mysite类型。 COM / protected_files / phpfile1.php
which is causing all .php files in the protected_files folder to give users a 403 error, when they type in their browser www.mysite.com/protected_files/phpfile1.php
这哪里是函数包括(protected_files / anyphpfile.php')就派上用场了。
Which is where the function include('protected_files/anyphpfile.php') comes in handy.
现在,我试图找出如何从 protected_files / phpfile1.php 将用户重定向到 protected_files / phpfile2.php 从菜单栏。
Now, i am trying to figure out how to redirect the user from protected_files/phpfile1.php to protected_files/phpfile2.php from a menu bar.
&LT; A HREF =www.mysite.com/protected_files/phpfile2.php&GT;第2页&LT; / A&GT; 不工作(错误403),因为它属于在 protected_files 文件夹,里面有的.htaccess 文件,并使得它不会从URL aaccessible。
<a href="www.mysite.com/protected_files/phpfile2.php">page2</a> is not working (error 403), because it belongs in the protected_files folder, which has the .htaccess file, and it makes it not aaccessible from a url.
我解决这个事情,是这样的:
My solution to this matter, was something like:
//code in `www.mysite.com/redirect.php`
if ($_GET['page'] == "phpfile2") {
include("phpfile2.php");
} else {
include("phpfile1.php");
}
这意味着,在成功登录后,用户会因为采取) www.mysite.com/protected_files/phpfile1.php 默认( $ _GET [页] ==
Which means that after a successful login, users would be taken to www.mysite.com/protected_files/phpfile1.php by default (since $_GET['page'] == "")
现在,用户在 phpfile1.php ,他可以点击一个链接&LT;?页= phpfile2A HREF = GT ; phpfile2&LT; / A&GT; 去 phpfile2.php 。虽然这样做,他的浏览器在第一次表演 www.mysite.com/login.php 后,他点击了链接,就说明 www.mysite .COM / login.php中?页= phpfile2 。
Now, the user is in phpfile1.php and he can click on an link <a href="?page=phpfile2">phpfile2</a> to go to phpfile2.php. While doing that, his browser at first shows www.mysite.com/login.php and after he clicks on the link , it shows www.mysite.com/login.php?page=phpfile2.
不显示 www.mysite.com/login.php?page=phpfile2 的URL,当我试图做的是用户在 phpfile2.php 页,,但显示的实际文件路径,这是 www.mysite。 COM / protected_files / phpfile2.php
What i am trying to do is not show www.mysite.com/login.php?page=phpfile2 in the url , when the user is in the phpfile2.php page , but to show the actual file path, which is www.mysite.com/protected_files/phpfile2.php
我怎样才能做到,在这种特殊情况下?
能否成功后我可能改变的.htaccess 让 protected_files 变成可达(没有更多的错误403)登录 ?如果我改变我做了完全这个网站的方法是什么?
Could i possibly change the .htaccess so that protected_files becomes reachable (no more error 403) after a successful login ? Should i change the way i made this site completely ?
基本上,到最后,我想有一个文件夹,名为 protected_files ,其中包含的.php是提供给用户的文件,只有经过成功登录。
Basically, in the end, i want to have a folder, named protected_files, which contains .php files that are available to the user, only after a successful login.
推荐答案
修改
<Files ~ ".(htaccess|php)$">
order allow,deny
deny from all
</Files>
到
<Files ~ ".(htaccess|include)$">
order allow,deny
deny from all
</Files>
<Files ~ ".php$">
php_value auto_prepend_file "session_check.include"
</Files>
然后让 session_check.include 检查用户是否登录;如果没有,调用退出()。然后在目录中的所有文件将检查用户是否登录;如果不是,它会退出。如果是这样,该文件将继续像正常的。
Then have session_check.include check to see if the user is logged in; if not, call exit(). Then every file in the directory will check whether the user is logged in; if they are not, it will exit. If they are, the file will continue like normal.
这样一来,你就不必做了一堆花样重写的入站和出站请求,以配合一些伪造了地图 - 你只要让每一个文件加载你登录了吗?检查,因为它做的第一件事。
This way, you don't have to do a bunch of tricks rewriting the inbound and outbound requests to match some faked up map - you just let each file load the "are you logged in yet?" check as the first thing it does.
请参阅怎样修改配置设置的文档就如何 php_value 的作品,和的 php.ini核心配置选项说明,获取有关 AUTO_ prepend_file
See How to change configuration settings for documentation on how the php_value works, and Description of core php.ini directives for documentation on auto_prepend_file
