堆栈内存溢出
  简体   繁体   English

PHP和htpasswd

[英]PHP and htpasswd

 原文  2009-04-03 05:36:58       php/ .htaccess/ .htpasswd

问题描述

I have a structure like this: 我有这样的结构: 

/home
/home/dir1
/home/dir2

Now when someone goes to /home, he is asked for username and password (in a form) and I set session information in PHP for the remaining files of /home. 现在,当有人去/ home时,要求他输入用户名和密码(以一种形式),我用PHP为/ home的其余文件设置了会话信息。 Now /home/dir1 and /home/dir2 are protected by htpasswd but the same username and password. 现在,/ home / dir1和/ home / dir2受htpasswd保护,但用户名和密码相同。 I dont want the user to re-enter their username and password again when they go to /home/dir1... Also when I logout from /home, I want to logout from /home/dir1 also. 我不希望用户在进入/ home / dir1时再次输入用户名和密码...同样,当我从/ home注销时,我也想从/ home / dir1注销。 Can you please advice on how to achieve this? 能否请您提供有关如何实现此目标的建议?

2 个解决方案

解决方案1
 3 已采纳  2009-04-03 05:54:09

This should be the default behaviour. 这应该是默认行为。

That is, if you are using Apache and .htaccess files to set up HTTP authentication, any rules you apply to a directory will also apply to its child directories, and it will be treated by the browser as all one login. 也就是说,如果使用Apache和.htaccess文件设置HTTP身份验证,则应用于目录的任何规则也将应用于其子目录,浏览器会将其视为所有一次登录。

If you want it to act differently, ie if you wanted some sections of the site to be treated as requiring a completely separate login, you would specify a 'realm' for each section using the AuthName directive in .htaccess. 如果您希望其行为有所不同,即,如果您希望将网站的某些部分视为需要完全独立的登录名,则可以使用.htaccess中的AuthName指令为每个部分指定一个“领域”。 More information here . 更多信息在这里 However, if you don't do that, it will always be treated as all part of the same login. 但是,如果您不这样做,它将始终被视为同一登录名的所有部分。

The thing about HTTP authentication is that there is no way to 'log out', at least not unless the browser provides that feature. 关于HTTP身份验证的事情是没有办法“注销”,至少除非浏览器提供了该功能,否则就没有办法。 The only way most browsers will allow you to log you out is by ending the browser session (ie closing the browser). 大多数浏览器允许您注销的唯一方法是结束浏览器会话(即关闭浏览器)。 And yes, once you do this, you'll be logged out of /home, /home/dir1, /home/dir2 and all directories on all sites/realms. 是的,一旦执行此操作,您将退出/ home,/ home / dir1,/ home / dir2以及所有站点/领域中的所有目录。

解决方案2
 0  2009-05-27 15:59:47

In Apache as long as both folders have the same AuthName and are on the same site they should share a password. 在Apache中,只要两个文件夹具有相同的AuthName并且在同一站点上,它们就应该共享一个密码。

Both directories might have a .htaccess file like so: 这两个目录可能都有一个.htaccess文件,如下所示: 

AuthName "My Protect Folder"
AuthType basic
AuthUserFile /somewhere/htusers
require valid-user

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 PHP 中验证/绕过 .htaccess .htpasswd - authenticate / bypass .htaccess .htpasswd in PHP PHP生成的.htpasswd放在哪里? - Where to place .htpasswd generated by PHP? 如何在PHP下生成.htpasswd - How to generate .htpasswd under PHP htpasswd用php变量保护页面 - htpasswd protect a page with php variables 允许通过.htpasswd访问php文件? - allow php file access protected folder by .htpasswd? 如何使用php为htpasswd文件生成密码 - how to generate a password for htpasswd file using php 如何使用 php 生成.htpasswd 密钥,我可以将其插入到我的 ubuntu 服务器上的 my.htpasswd 文件中? - How to generate .htpasswd keys with php that I could insert into my .htpasswd file on my ubuntu server? 使用.htpasswd保护文件夹,但允许在保护密码的同时下载php - Protecting folder using .htpasswd, but allowing php download while protecting password .htpasswd添加/删除/更新用户名和密码-PHP Windows - .htpasswd add/remove/update usernames & passwords - php windows 如何使用 PHP 验证 htpasswd 生成的 bcrypt hash? - How to verify a htpasswd-generated bcrypt hash using PHP?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM