[英]allow access to a .php file only from another .php file and not direct url
我有两个文件存储在本地服务器的一个文件夹中,分别是login.php和update.php。 只要输入以下两个文件,就可以从任何位置访问它们:
ip:port/folder/login.php
和
ip:port/folder/update.php.
我正在尝试做的是防止用户通过在URL中输入update.php并仅允许他们首先访问login.php来访问update.php文件(当登录时, login.php将他们重定向到update.php) 。按下一个按钮)。
我是php和apache的新手。 我不确定这是否应该在PHP或.htaccess文件中完成以及如何完成。
提前致谢!
您可以使用$_SESSION
// Let's say this is you update.php
session_start();
if (isset($_SESSION['email']) /* or something like that */)
{
session_unset();
session_destroy();
header("Location: login.php");
exit();
}
// do whateven you need to do and set up $_SESSION variables
// for example get the user entered info here
// This is how you set session variables
$_SESSION['username'] = ...;
$_SESSION['email'] = ...;
// Then after you did the registration part or something else you wanted to do
// You can redirect the user to any page you want
header("Location: some_other_page.php");
每次用户尝试立即输入update.php时,由于会话不存在,他们注销后将被重定向到登录名。
希望这能有所帮助。
URL不可能只有用户有时才能访问。
如果您需要登录系统,请执行其他所有人的操作:
您可以检查引荐网址。 您还可以创建用户会话,以便当用户访问update时。 php,已验证变量。 可以在登录时将会话变量设置为正确的值。 PHP的。
通过会话,您可以在人们在您的网站上一页一页地浏览时存储变量。
一个很好的方法是使用readfile 。
<?php
// This is the path to your PDF files. This shouldn't be accessable from your
// webserver - if it is, people can download them without logging in
$path_to_pdf_files = "/path/to/pdf/files";
session_start();
// Check they are logged in. If they aren't, stop right there.
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true) {
die("You are not logged in!");
}
// Get the PDF they have requested. This will only allow files ending in 'pdf'
// to be downloaded.
$pdf_file = basename($_GET['file'], ".pdf") . ".pdf";
$pdf_location = "$path_to_pdf_files/$pdf_file";
// Check the file exists. If it doesn't, exit.
if (!file_exists($pdf_location)) {
die("The file you requested could not be found.");
}
// Set headers so the browser believes it's downloading a PDF file
header("Content-type: application/pdf");
header("Content-Disposition: inline; filename=$pdf_file");
$filesize = filesize($pdf_location);
header("Content-Length: $filesize");
// Read the file and output it to the browser
readfile($pdf_location);
?>
这取自wildeeo-ga在Google答案上的答案。
阻止直接访问PHP文件,仅允许本地javascript访问它
[英]block direct access to PHP file and only allow local javascript to access it
仅当bot要求时才允许直接url访问图像,否则使用.htaccess将url传递到index.php文件
[英]allow direct url access to image only if requested by bot otherwise pass url to index.php file using .htaccess
PHP禁止直接访问文件,但仅允许文件所有者登录
[英]PHP Block direct access to a file over but allow to only logged in owner of file
拒绝直接访问文件夹或文件,但允许index.php访问它
[英]Deny direct access to a folder or file, but allow index.php to access it
PHP:如何阻止对文件的直接URL访问,但仍允许登录用户下载文件?
[英]PHP: How can I block direct URL access to a file, but still allow it to be downloaded by logged in users?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.