阻止人们注册与您的根文件夹相同的用户名
[英]prevent people from registering a username that is the same as your root folder
问题描述
I'm using .htaccess to load a social network profile 
我正在使用.htaccess加载社交网络个人资料
RewriteEngine on
RewriteRule ^([a-zA-Z0-9_-]+)$ /users/users.php?username=$1
But the problem is anyone could register a username that is the same as maybe "admin" 但是问题是,任何人都可以注册一个与“ admin”相同的用户名。
Is there any way to prevent that with either .htaccess or php? 有什么方法可以通过.htaccess或php来防止这种情况吗?
2 个解决方案
解决方案1
1 已采纳 2014-08-28 00:12:40
I found a solution! 我找到了解决方案!
<?php
$dir = '/var/www';
$files = scandir($dir);
if (in_array("forum", $files)) {
echo "username Exists";
}
?>
解决方案2
0 2014-08-28 00:06:31
You can do this with a negative lookahead assertion ( (?!…) ): 您可以使用否定的超前断言( (?!…) )来执行此操作:
RewriteRule ^(?!admin)([a-zA-Z0-9_-]+)$ /users/users.php?username=$1
However, I'd recommend performing validation at the time the user is created and then validating that the user exists in the database before allowing access to any files. 但是,我建议在创建用户时执行验证,然后在允许访问任何文件之前验证用户是否存在于数据库中。 Even better, consider redesigning your system so that user information isn't stored in a directory structure, but in the database somewhere. 更好的是,考虑重新设计系统,以便用户信息不存储在目录结构中,而是存储在数据库中的某个地方。 Alternatively, if you really have to store user files on the file system you can make sure each user has a unique numeric user id and use that as the folder name. 或者,如果确实需要在文件系统上存储用户文件,则可以确保每个用户都有唯一的数字用户ID,并将其用作文件夹名称。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.