堆栈内存溢出
  简体   繁体   English

如何只为特定页面授予AuthUserFile访问权限?

[英]How to give the AuthUserFile access only for specific page?

 原文  2019-09-05 06:06:41       php/ .htaccess/ .htpasswd

问题描述

I have one page on my root folder called export.php . 我的根文件夹上有一页名为export.php Now I don't want to give access to this page to all the users. 现在,我不想授予所有用户访问此页面的权限。

What I am trying to achieve, If any user tries to access export.php page then one alert will display and it will ask for the username and password. 我要达到的目的,如果有任何用户尝试访问export.php页面,则会显示一个警报,并询问用户名和密码。 Once login details are correct then the page will be accessible. 登录信息正确无误后,即可访问该页面。 I tried some code on htaccess. 我在htaccess上尝试了一些代码。

Now I have two issues, 现在我有两个问题,

1) I am getting alert on all the pages. 1)我在所有页面上都收到警报。 How do I set only for the export.php page? 如何只为export.php页面设置?

2) After entering the username and password I am getting a server error. 2)输入用户名和密码后,出现服务器错误。 在此处输入图片说明

htaccess htaccess 

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]


AuthType Basic
AuthName "Access to the Hidden Files"
AuthUserFile 'http://localhost:8080/example/.htpassword'
Require valid-user

Solution . 解决方法

First I found the path using <?php echo $_SERVER['DOCUMENT_ROOT']; ?> 首先,我使用<?php echo $_SERVER['DOCUMENT_ROOT']; ?>找到了路径<?php echo $_SERVER['DOCUMENT_ROOT']; ?> <?php echo $_SERVER['DOCUMENT_ROOT']; ?>

Output: /opt/lampp/htdocs/example/ 输出: /opt/lampp/htdocs/example/

then I added path in htaccess file 然后我在htaccess文件中添加了路径 

SetEnvIfNoCase Request_URI /export SECURED

AuthName "Access to the Hidden Files"
AuthType Basic
AuthUserFile "/opt/lampp/htdocs/example/.htpasswd"
AuthGroupFile /
Require valid-user

Satisfy    any
Order      Allow,Deny
Allow from all
Deny from env=SECURED


RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

1 个解决方案

解决方案1
 0  2019-09-05 08:05:46

Rewrite all to router.php and then rewrite from php (small mvc for example https://github.com/breakermind/Tronix ). 将所有内容重写为router.php,然后从php重写(例如小型mvc https://github.com/breakermind/Tronix )。

Better solution, check if the user has permissions in php file: 更好的解决方案,检查用户是否对php文件具有权限: 

<?php
// User field from users table (add to session when logging)
if($_SESSION['user']['allow_export'] == 9 && isIpAddressAllowedFunc($_SERVER['REMOTE_ADDR'])){
    // show content
}else{
    // Redirect or log out user
    header('Location: index.php');
    exit;
}

?>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WordPress 如何仅允许订阅者访问页面 - WordPress how to give access to a page only for subscribers 如何仅允许一个特定用户访问更新页面? - How to give access to an update page to one particular user only? 如何仅访问一个特定页面YII2(高级模板)? - How to access only one specific page YII2 (Advanced Template)? 如何给用户临时访问特定链接的权限? - How to give users temporary access to specific links? "如何让特定用户访问 PHP 中的特定网站?" - How do I give specific users access to specific websites in PHP? 如何在服务器中授予访问权限执行特定的php文件? - How to give access execute specific php file in server? 如何使用用户代理仅允许访问特定移动应用程序的网页 - how to allow access to web page only specific mobile app using user agent 如何在公共用户访问特定页面时对其进行授权,以实现只读目的 - How to authorize public users when they access on the specific page, for read-only purposes HTTP_REFERER困境:只有当访问者事先访问过另一个特定页面时,我才能允许访问特定页面? - HTTP_REFERER woes: How can I allow access to a specific page, only when a visitor has visited another specific page beforehand? 如何在drupal 7中仅授予特定用户“添加内容”访问权限? - How to give only “Add content” access permission for a particular users in drupal 7?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM