直接URL访问PHP保护目录直接、目录、URL、PHP
我有一个管理脚本。
I have an ADMIN script.
admin/index.php
所有的活动都是通过这个的index.php 文件来完成。 用户登录在获得该程序的功能访问之前。 $ _ SESSION ['user_authenticated'] 创建并设置为真的。照片
All activity is done through this index.php file. Users are logging in before gaining access to the program functionality.$_SESSION['user_authenticated'] is created and set to true.
admin/template/..
此文件夹包含图片, CSS ,的JavaScript 文件。 他们只是在这个ADMIN使用。 (在后台只)的
This folder contains images, css, javascript files. They are used only within this ADMIN. (in the backend only)
的问题:
我需要从管理/模板/..目录加以保护,防止直接进入。照片应该是可用只有通过身份验证的用户。
I need all the content from admin/template/.. directory to be protected against direct access.It should be available only to authenticated users.
我想必须有一个的.htaccess 重定向请求 check_session_auth_variable.php ,它看起来如果 $ _ SESSION ['user_authenticated'] 是真正或错误和重定向到请求的文件或< STRONG>抛出一个404错误
I guess there has to be a .htaccess redirecting requests to check_session_auth_variable.php, which looks if $_SESSION['user_authenticated'] is true or false and redirects to requested file or throws a 404 error?
我知道,最好的办法是把Web根目录以外的目录,但对我来说,我需要不断的目录结构,而不做修改。的
推荐答案
管理/ htaccess的:
RewriteCond %{REQUEST_FILENAME} !check_auth.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .* check_auth.php?file=$0 [QSA,L] # pass everything thru php
管理/ check_auth.php:
$file = $_GET['file'];
if($_SESSION['user_authenticated']) {
// please mind you need to add extra security checks here (see comments below)
readfile($file); // if it's php include it. you may need to extend this code
}else{
// bad auth error
}
