prevent people from registering a username that is the same as your root folder
Question
I'm using .htaccess to load a social network profile
RewriteEngine on
RewriteRule ^([a-zA-Z0-9_-]+)$ /users/users.php?username=$1
But the problem is anyone could register a username that is the same as maybe "admin"
Is there any way to prevent that with either .htaccess or php?
2 answers
solution1
1 ACCPTED 2014-08-28 00:12:40
I found a solution!
<?php
$dir = '/var/www';
$files = scandir($dir);
if (in_array("forum", $files)) {
echo "username Exists";
}
?>
solution2
0 2014-08-28 00:06:31
You can do this with a negative lookahead assertion ( (?!…) ):
RewriteRule ^(?!admin)([a-zA-Z0-9_-]+)$ /users/users.php?username=$1
However, I'd recommend performing validation at the time the user is created and then validating that the user exists in the database before allowing access to any files. Even better, consider redesigning your system so that user information isn't stored in a directory structure, but in the database somewhere. Alternatively, if you really have to store user files on the file system you can make sure each user has a unique numeric user id and use that as the folder name.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.