[英]PHP: Use PHP to authenticate with .htaccess when uploading to a subfolder of the protected folder
我正在尝试将文件上传到受保护文件夹的子文件夹。 层次结构如下所示:
/basefolder(.htaccess)/tool/script.php
/basefolder(.htaccess)/tool/uploadhandler.php
/ basefolder(.htaccess)/ tool / files / here(子文件夹)/
我的基本文件夹的简单.htaccess文件是:
AuthUserFile "/path/"
AuthType Basic
AuthName "Admin Dashboard"
require valid-user
该脚本将数据发送到典型的php上传处理程序,该处理程序试图将文件保存在子文件夹中。 当代码到达此阶段时,浏览器会再次提示我输入用户名/密码。
有没有一种使用PHP进行身份验证的方法,以便每次都不会提示我输入密码?
免于上载HTTP密码保护的upload.php
文件,并使用会话或cookie设置允许用户上载。
例如,在具有上传表单的PHP文件中:
session_start();
$_SESSION['can_upload'] = true;
// this would only be set if the user could successfully access the upload form
// page; sessions are preferable to cookies since anyone could set a cookie named
// "is_allowed" to "1"—you would have to use some kind of token for validation
// if you used a cookie
然后在PHP文件处理文件上传中,
session_start();
if (! isset($_SESSION['can_upload'])) {
header("403 Forbidden");
echo("You are not authorized!");
die();
}
// user is OK, put your upload logic here
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.