drxv39706 2018-05-03 17:21
Views: 78
Accepted

Only allow logged-in users to view an external HTML site (in a subfolder) hosted on the same server and domain

I have a PHP site (site A, CakePHP 2.3) with its own login system. Then I have another "site" (it's actually an HTML-generated ebook with its own index.html) on the same server, but in a different folder; let's call it site B.

I'm trying to allow only users that have a valid session on site A (have logged in with valid credentials) to view that ebook (access that index.html file). The main idea behind this is to prevent users from directly sharing site B's URL.

This would be easy if I could check the user's session on site A from site B: I could just check the $_SESSION variable, but that's not possible.

What's the simplest way to accomplish this? While not preferable, it's okay if I have to edit that index.html file from site B to add any code that could help with this.

One way I thought of was to do a JavaScript redirect from site A to site B that includes a POST variable; if the variable doesn't exist, then nothing is shown. This would require adding some PHP to that index.html on site B, but I'm not sure it's the best solution, and I wonder if there's something better.

Also, I have hundreds of these ebooks, so if it's something I can apply massively, it would be much better.

EDIT:

For clarification, both sites are on the same server and have the same "domain". To open site B I use a symlink from site A. For example:


1 answer

  • douxing5199 2018-05-03 18:49

    Create a proxy

    I would use .htaccess to redirect any url pointing to pages in the book to a custom action in the CakePHP application.

    This action checks the credentials and, if they are OK, reads the requested file from disk and sends it to the browser. Do not redirect back or you will cause a redirect loop!

    Of course you need to create a redirect that passes the original requested page as a parameter so you know what file to read.

    Granted, this is not super efficient, but it works. I had to solve the exact same issue in an old project.

    Notes

    Make sure your .htaccess rules only intercept/redirect HTML links or else you need to pay attention to setting up proper response headers for CSS or Image files.

    Example of .htaccess

    This needs to be in the ROOT folder of the book.

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule    ^(.*html)$    http://[FULL_LINK_TO_CAKE_APP]/proxy/load/$1
    </IfModule>
    

    Example of the proxy controller

    <?php
    namespace App\Controller;

    /**
     * Static content controller
     *
     * This controller serves one HTML file of a protected ebook to an
     * already authenticated user (Auth is enforced by AppController).
     */
    class ProxyController extends AppController
    {
        public function load($file = null)
        {
            // CakePHP hands every URL segment after /proxy/load/ to the action as a
            // separate positional argument, so rebuild nested paths like "ch1/a.html".
            $file = implode(DS, func_get_args());
            if ($file === '') {
                // body() returns the content, not the response, so set it and return the response
                $this->response->statusCode(400);
                $this->response->body('Error: no file specified');
                return $this->response;
            }

            //THIS NEEDS TO RESOLVE THE FULL DISK PATH OF YOUR PROTECTED FILES
            //(WWW_ROOT already ends with a directory separator)
            $pathToFiles = realpath(WWW_ROOT . 'subfolder');
            $fullPath = realpath($pathToFiles . DS . $file);

            // realpath() collapses "..", so a canonical path that does not stay under
            // $pathToFiles is a traversal attempt and is refused like a missing file.
            if ($pathToFiles !== false && $fullPath !== false
                && strpos($fullPath, $pathToFiles . DS) === 0 && is_file($fullPath)) {
                $this->response->type('html');
                $this->response->body(file_get_contents($fullPath));
                return $this->response;
            }

            // Do not echo the disk path back to the client
            $this->response->statusCode(404);
            $this->response->body('Could not load the file: ' . $file);
            return $this->response;
        }
    }
    

    Security

    Of course I assume you have set up the Auth component correctly in your AppController, so the controller above will only execute if the user is logged in!

    This answer was chosen by the asker as the best answer.
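The same proxy idea as a framework-free script, added here as an example rather than code from the answer above: it gates on the session, confines the requested path to the ebook root, and sets the Content-Type for CSS and images as well as HTML, which the answer's Notes left to the reader. Assumptions: site A's login stored the user id in $_SESSION['Auth']['User']['id'], both scripts use the same session cookie, proxy.php lives outside the book folder, and the book's .htaccess rewrites requests to proxy.php?file=<relative path>.

```php
<?php
// Added example (not the answer's code): the proxy idea as a framework-free
// proxy.php that also handles CSS/images. Assumptions: site A's login stored
// the user id in $_SESSION['Auth']['User']['id'], both scripts share one
// session cookie, and .htaccess rewrites requests to proxy.php?file=<path>.
// Response Content-Type per file extension; anything else is refused.
const CONTENT_TYPES = [
    'html' => 'text/html; charset=utf-8',
    'css'  => 'text/css',
    'js'   => 'application/javascript',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
];
// Resolve a request like "book1/ch1.html" against the ebook root. Returns
// [absolutePath, contentType] or null when the file must not be served:
// unknown extension, missing file, or a canonical path outside $bookRoot
// (realpath() collapses "..", so "../../config/app.php" is caught here).
function resolveProtectedFile(string $bookRoot, string $requested): ?array
{
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if ($requested === '' || !isset(CONTENT_TYPES[$ext])) {
        return null;
    }
    $root = realpath($bookRoot);
    $path = realpath($bookRoot . DIRECTORY_SEPARATOR . $requested);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    // Confinement check: the canonical path must start with "<root>/".
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return [$path, CONTENT_TYPES[$ext]];
}
if (PHP_SAPI !== 'cli') {
    session_start();
    if (empty($_SESSION['Auth']['User']['id'])) {
        http_response_code(403);   // not logged in on site A: refuse, do not redirect
        exit('Login required');
    }
    $hit = resolveProtectedFile(__DIR__ . '/books', $_GET['file'] ?? '');
    if ($hit === null) {
        http_response_code(404);
        exit('Not found');
    }
    header('Content-Type: ' . $hit[1]);
    header('X-Content-Type-Options: nosniff');
    readfile($hit[0]);
}
```

Because the file is read from disk rather than fetched over HTTP, the rewrite rule never triggers a second request, so there is no redirect loop to worry about.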
