I have one page on my root folder called export.php
. Now I don't want to give access to this page to all the users.
What I am trying to achieve, If any user tries to access export.php
page then one alert will display and it will ask for the username and password. Once login details are correct then the page will be accessible. I tried some code on htaccess.
Now I have two issues,
1) I am getting alert on all the pages. How do I set only for the export.php page?
2) After entering the username and password I am getting a server error.
htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
AuthType Basic
AuthName "Access to the Hidden Files"
AuthUserFile 'http://localhost:8080/example/.htpassword'
Require valid-user
Solution .
First I found the path using <?php echo $_SERVER['DOCUMENT_ROOT']; ?>
<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
Output: /opt/lampp/htdocs/example/
then I added path in htaccess file
SetEnvIfNoCase Request_URI /export SECURED
AuthName "Access to the Hidden Files"
AuthType Basic
AuthUserFile "/opt/lampp/htdocs/example/.htpasswd"
AuthGroupFile /
Require valid-user
Satisfy any
Order Allow,Deny
Allow from all
Deny from env=SECURED
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
Rewrite all to router.php and then rewrite from php (small mvc for example https://github.com/breakermind/Tronix ).
Better solution, check if the user has permissions in php file:
<?php
// User field from users table (add to session when logging)
if($_SESSION['user']['allow_export'] == 9 && isIpAddressAllowedFunc($_SERVER['REMOTE_ADDR'])){
// show content
}else{
// Redirect or log out user
header('Location: index.php');
exit;
}
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.