
Deny a folder to be viewed unless authenticated, and access a folder outside the website root

I'm a bit confused. I have a website (Apache) in root/website, and on my home page I have an authentication form that, on submit, checks with LDAP whether the user can be authenticated.

On success, the user should be redirected to a folder view of "root/website/filestoview" and be able to navigate/download there.

  1. How can I make the redirect work only when the user is authenticated, and deny any other attempt (e.g. www.mysite.com/filestoview)?

     I tried htaccess:

       order deny,allow
       allow from localhost
       deny from all

     but it didn't work.
  2. How can I show the contents of a folder outside my website root (FTP, i.e. being able to navigate/download)? I tried ../../folder2 from root, but it keeps redirecting me to the home page.

Thanks

Allow authorized users to browse and download files outside public_html

<?php
// Allow authorized users to browse and download files outside public_html
// http://stackoverflow.com/users/1310701/hex494d49

if(is_user_authorized($user)){
    // at this point the user has been authorized
    // this is the protected directory; it is outside of public_html
    $home = $dir = '/home/user-root/member-area/';

    // resolve the requested handle and make sure it stays inside $home.
    // a plain substring test (strpos) can be bypassed with "../" segments,
    // so canonicalize with realpath() and compare the prefix instead
    if(isset($_GET["handle"])){
        $real = realpath($_GET["handle"]);
        if($real !== false && strncmp($real . "/", $home, strlen($home)) === 0){
            if(is_dir($real)){
                $dir = $real . "/";
            }else if(is_file($real)){
                // let user download the file
                download_file($real);
            }
        }
    }

    // add <back> link if we are within some sub-directory
    echo ($dir != $home) ? "<a href='?handle=" . rawurlencode(dirname($dir)) . "'>back</a><br />" : "";

    // scan directory and list its entries as links
    // (escape names so a crafted filename cannot inject HTML into the listing)
    $entries = scandir($dir);
    foreach($entries as $entry){
        if($entry != "." && $entry != ".."){
            echo "<a href='?handle=" . rawurlencode($dir . $entry) . "'>" . htmlspecialchars($entry) . "</a><br />";
        }
    }
}else{
    // user isn't authorized to view the content so
    // redirect her/him to something entertaining :)
    header("Location: https://disneyland.disney.go.com");
    exit;
}

// -----
function is_user_authorized($user){
    // ... your authorization code
    return ($user) ? true : false;
}

// -----
function download_file( $file_name ){
    if(!file_exists($file_name)) return false;
    header("Content-Description: File Transfer");
    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename=\"" . basename($file_name) . "\"");
    header("Content-Transfer-Encoding: binary");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Pragma: public");
    header("Content-Length: " . filesize($file_name));
    // discard any buffered output so it does not corrupt the download
    if(ob_get_level()) ob_end_clean();
    flush();
    readfile($file_name);
    exit;
}

?>

Further improvements: add file type and file size, base64 encode/decode the handle, improve security.
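As an added example (not code from the original answer), the following PHP script compares the answer's strpos() substring test with a realpath()-based prefix check; the member area, file names and the sibling "secret.txt" are constructed in a temp directory purely for the demo.

```php
<?php
// Added example (not code from the original answer): shows why a substring
// test is not a containment check. A throwaway member area is created under
// the system temp dir, so the demo runs anywhere and cleans up after itself.

// the original answer's test: "does the handle contain $home somewhere?"
function substring_check($home, $handle) {
    return strpos($handle, $home) !== false;
}

// canonicalize first (collapses "." and "..", resolves symlinks),
// then require the canonical path to start with $home
function contained_check($home, $handle) {
    $real = realpath($handle);
    if ($real === false) return false;          // path does not exist
    return strncmp($real . '/', $home, strlen($home)) === 0;
}

// constructed fixture: <base>/member-area/reports/q1.pdf and <base>/secret.txt
// (realpath() on the temp dir keeps the prefix comparable on symlinked /tmp)
$base = realpath(sys_get_temp_dir()) . '/containment-demo-' . bin2hex(random_bytes(4));
$home = $base . '/member-area/';
mkdir($home . 'reports', 0700, true);
file_put_contents($home . 'reports/q1.pdf', 'report');
file_put_contents($base . '/secret.txt', 'must stay private');

$handles = [
    $home . 'reports/q1.pdf',        // legitimate file -> both accept
    $home . 'reports',               // legitimate sub-directory -> both accept
    $home . '../secret.txt',         // contains $home but resolves outside it
    $home . 'missing.txt',           // nonexistent -> only the substring test accepts
];

foreach ($handles as $handle) {
    printf("%-40s substring:%-4s contained:%s\n",
        str_replace($base, '<base>', $handle),
        substring_check($home, $handle) ? 'yes' : 'no',
        contained_check($home, $handle) ? 'yes' : 'no');
}

// remove the fixture
unlink($home . 'reports/q1.pdf');
rmdir($home . 'reports');
rmdir($home);
unlink($base . '/secret.txt');
rmdir($base);
```

The third handle is the one that matters: both the answer's check and the PHP filesystem functions see a path that contains the member area, yet realpath() places it in the parent directory, so only the prefix check on the canonical path rejects it.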
