Can I implement a transparent, PHP-based authentication layer with Apache's help?
I'm looking for a transparent, PHP-driven authentication layer for a web site.

I'm aware of the following simple approaches:

Mechanics:

Downsides:

Mechanics:

Downsides:

include "login_required.inc.php";

or similar at the top of any PHP file, that file will be accessible by anybody.

I'd like to implement the PHP-based login solution, but to somehow configure Apache to invoke login_required.inc.php (or similar) transparently as an intermediate step when any PHP file is requested.

This script will:

Is this a pipe dream? Or can I do it? And if so, how?
If you rewrite all php requests through index.php, index.php would then control access to anything.

    RewriteEngine On
    # Don't rewrite index.php to itself (guards against an internal redirect loop)
    RewriteCond %{REQUEST_URI} !^/index\.php$
    RewriteRule ^(.*)$ /index.php?pageid=$1 [QSA,L]

Something like that will push any request to index.php, in which you can do your authentication and then it will farm out the content...

The QSA in this will retain any query string parameters etc.
I think you should restructure your website to use a Front Controller. There's a reason that pretty much every framework uses the FrontController pattern: single point of access makes your app simpler.
One possibility is to use .htaccess ModRewrite to redirect all requests to, say, login_required.php?redirect=<ORIGINALLY-REQUESTED-SCRIPT>.

login_required.php can then perform its magic and do one of the following:

include <ORIGINALLY-REQUESTED-SCRIPT>.

header("Location: <ORIGINALLY-REQUESTED-SCRIPT>"); will, I believe, merely fall foul of the .htaccess again and cause an infinite redirect loop! Setting the .htaccess ModRewrite directive to only conditionally redirect based on the value of HTTP_REFERER is not secure enough.

This is not the preferred solution, but it's a possibility...
Another possibility:

Have only a single entry-point. Just one file that's accessible from the outside world, like index.php?target=<REQUESTED-SCRIPT>. This one file can contain the authentication logic and include the required script.

All other files would be blocked from external access by .htaccess, or simple file permissions.

This is a good solution, but it would be a large change to update all URLs throughout the existing system.

Edit: Apparently this is called the "Front Controller" pattern.
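As an added example, not taken from any of the answers above: a minimal front controller that combines the rewrite rule from the first answer with the single-entry-point idea from the last one. Every request is rewritten to index.php, which checks the session and only then includes the requested script, after confining the target parameter to a known directory so the include cannot be pointed at arbitrary files. The pages/ layout, the session key, the default and login page names, and the RewriteCond that stops index.php rewriting itself are assumptions.

```php
<?php
// index.php: the single entry point. Assumed .htaccess beside it:
//   RewriteEngine On
//   RewriteCond %{REQUEST_URI} !^/index\.php$
//   RewriteRule ^(.*)$ /index.php?target=$1 [QSA,L]
// Real scripts live in pages/ (assumed layout), which Apache must deny
// direct access to, or which sits outside the document root.
session_start();
const PAGES_DIR = __DIR__ . '/pages';

// Map the user-supplied target to a script inside PAGES_DIR, or null.
// The regex rejects dots, null bytes and odd characters; the realpath()
// prefix check keeps includes in-bounds even through symlinks.
function resolve_target(string $target): ?string
{
    $target = trim($target, '/');
    if ($target === '') {
        $target = 'home.php';               // assumed default page
    }
    if (!preg_match('#^[A-Za-z0-9_/-]+\.php\z#', $target)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $real = realpath(PAGES_DIR . '/' . $target);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

function is_logged_in(): bool
{
    return isset($_SESSION['user_id']);   // assumed key set by pages/login.php
}

$script = resolve_target(is_string($_GET['target'] ?? null) ? $_GET['target'] : '');
if ($script === null) {
    http_response_code(404);
    exit('Not found');
}
// Only the login page is reachable without a session. Redirecting to
// /index.php does not loop: the RewriteCond above exempts it from rewriting.
if (!is_logged_in() && basename($script) !== 'login.php') {
    $next = rawurlencode($_SERVER['REQUEST_URI']);   // login.php must validate it
    header('Location: /index.php?target=login.php&next=' . $next, true, 302);
    exit;
}
require $script;
```

Because the rewrite is internal, $_SERVER['REQUEST_URI'] still holds the URL the visitor typed, which is what gets handed to the login page as the return address.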