简体繁体 English

使用PHP身份验证的HTTP身份验证

[英]HTTP authentication using PHP authentication

原文 2010-06-19 04:59:09 1 2 php/ javascript

I'm making a members area for my site and I have it already running. 我正在为我的站点创建一个成员区域，并且它已经在运行。 I authenticate members using mysql and php and this works really well. 我使用mysql和php对成员进行身份验证，这确实很好。

But now problems occurs, I would like to offer members a possibility to upload files to the systems, and those files should be available ONLY to logged in members. 但是现在出现了问题，我想为成员提供将文件上传到系统的可能性，并且这些文件应仅对登录成员可用。

I know I could store those files to a database or even in a filesystem and serve them throught php, BUT this will get very heavy for the server when members upload bigger files. 我知道我可以将这些文件存储到数据库甚至文件系统中，并通过php提供服务，但是当成员上传较大的文件时，这对于服务器将变得非常沉重。 Those files might be even 20MB or even bigger. 这些文件可能甚至20MB甚至更大。

I would like to let apache serve the files, but just need to find a way to automatically do the http authentication, so users wouldn't need to log in twice. 我想让apache提供文件，但是只需要找到一种自动执行http身份验证的方法，这样用户就不需要登录两次。 I suppose it is ok to make this http authentication behind one username and password, something like when a user logs in to the php and mysql authentication, transparently at the same time javascript etc. would do that http authentication also, every member would do the http authentication with the same credentials. 我想可以在一个用户名和密码后面进行此HTTP身份验证，例如，当用户登录php和mysql身份验证时，透明地同时使用javascript等，这样也可以进行http身份验证，每个成员都可以具有相同凭据的http身份验证。 Of course I wouldn't want to store those http auth credentials in a javascript file, but something ajax like solution maybe would do the trick. 当然，我不想将这些http auth凭证存储在javascript文件中，但是诸如解决方案之类的ajax也许可以解决问题。 I'm just not sure how to do this. 我只是不确定如何执行此操作。

2 个解决方案

It seems like you are confusing authentication (where you provide some way to login) with HTTP authentication (where you specifically use the HTTP protocol to authenticate, and the browser shows a popup to the user). 似乎您将身份验证（您提供某种登录方式）与HTTP身份验证（您专门使用HTTP协议进行身份验证，浏览器向用户显示弹出窗口）混淆了。

You probably want the former so you can style the login page. 您可能希望使用前者，以便可以设置登录页面的样式。 In that case you'll have to use PHP or some scripting langauge to check that the user is logged in. fpassthru or readfile can be good solutions for some web sites; 在这种情况下，您将必须使用PHP或某些脚本语言来检查用户是否已登录。fpassthru或readfile对于某些网站可能是很好的解决方案；请参阅。 they're fast and optimised for this type of work. 对于此类工作，它们是快速且经过优化的。

If you really want to do the file handling work in the web browser and not in PHP, one solution can be to create unique, short-lived filenames. 如果您确实想在Web浏览器中而不是在PHP中执行文件处理工作，则一种解决方案是创建唯一的，短暂的文件名。 You can for example create hard links to the file in PHP using link and then redirect the user to the temporary filename. 例如，您可以使用link在PHP中创建到文件的硬链接，然后将用户重定向到临时文件名。 Store the hard links in a database and remove them after a short while. 将硬链接存储在数据库中，不久后将其删除。