[英]How to give the AuthUserFile access only for specific page?
I have one page on my root folder called export.php
. 我的根文件夹上有一页名为
export.php
。 Now I don't want to give access to this page to all the users. 现在,我不想授予所有用户访问此页面的权限。
What I am trying to achieve, If any user tries to access export.php
page then one alert will display and it will ask for the username and password. 我要达到的目的,如果有任何用户尝试访问
export.php
页面,则会显示一个警报,并询问用户名和密码。 Once login details are correct then the page will be accessible. 登录信息正确无误后,即可访问该页面。 I tried some code on htaccess.
我在htaccess上尝试了一些代码。
Now I have two issues, 现在我有两个问题,
1) I am getting alert on all the pages. 1)我在所有页面上都收到警报。 How do I set only for the export.php page?
如何只为export.php页面设置?
2) After entering the username and password I am getting a server error. 2)输入用户名和密码后,出现服务器错误。
htaccess htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
AuthType Basic
AuthName "Access to the Hidden Files"
AuthUserFile 'http://localhost:8080/example/.htpassword'
Require valid-user
Solution . 解决方法 。
First I found the path using <?php echo $_SERVER['DOCUMENT_ROOT']; ?>
首先,我使用
<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
找到了路径<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
Output: /opt/lampp/htdocs/example/
输出:
/opt/lampp/htdocs/example/
then I added path in htaccess file 然后我在htaccess文件中添加了路径
SetEnvIfNoCase Request_URI /export SECURED
AuthName "Access to the Hidden Files"
AuthType Basic
AuthUserFile "/opt/lampp/htdocs/example/.htpasswd"
AuthGroupFile /
Require valid-user
Satisfy any
Order Allow,Deny
Allow from all
Deny from env=SECURED
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
Rewrite all to router.php and then rewrite from php (small mvc for example https://github.com/breakermind/Tronix ). 将所有内容重写为router.php,然后从php重写(例如小型mvc https://github.com/breakermind/Tronix )。
Better solution, check if the user has permissions in php file: 更好的解决方案,检查用户是否对php文件具有权限:
<?php
// User field from users table (add to session when logging)
if($_SESSION['user']['allow_export'] == 9 && isIpAddressAllowedFunc($_SERVER['REMOTE_ADDR'])){
// show content
}else{
// Redirect or log out user
header('Location: index.php');
exit;
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.