dskvfdxgdo2422392 2016-10-16 22:33
浏览 43
已采纳

是否有可能在.htaccess和php之间共享信息?

Hi,

is it possible to share informations between a PHP-Script and .htaccess? I was experimenting with $_ENV, but did not get it to work.

What I want to do:

Creating a login system. For every html-request, .htaccess is calling (via reWrite rule) a php and passing as parameter the original url.The PHP is testing if the user is logged in. If not: Go to the login page, if yes: Allow accessing the requested URL. That I did with php "header($url)".

The problem: This always starts a loop, because the PHP script is, after the logged-test is successfull, requesting the original url, which as again handled in the .htaccess by calling the PHP-Script.

My idea: Is there a way to set a variable in PHP, which I can access in .htaccess-condition? And is that a secure way?

Update:

As asked for, here my code.

PHP:

session_start();
$sOriginUrl = $_GET["url"];

if(!$sOriginUrl){
    return false;
}

if($_SESSION["userName"]) {
    if($_SESSION["userName"] !== null){
    header("Location: " . $sOriginUrl, TRUE, 301);
}
else {
    $aTokenizedOriginalUrl = explode("/", $sOriginUrl);
    $sLoginUrl = "/";
    for($i=0, $il=count($aTokenizedOriginalUrl); $i<($il-1); $i++) {
        $sLoginUrl = $sLoginUrl . $aTokenizedOriginalUrl[$i] . "/";
    }
    header("Location: //myurl.de/" . $sLoginUrl);
}
}
else {
    $aTokenizedOriginalUrl = explode("/", $sOriginUrl);
    $sLoginUrl = "/";
    for($i=0, $il=count($aTokenizedOriginalUrl); $i<($il-1); $i++) {
        $sLoginUrl = $sLoginUrl . $aTokenizedOriginalUrl[$i] . "/";
    }
    $_ENV["HTTP_user_logged"]="true";
    header("Location: //myurl.de/" . $sLoginUrl);
}

.htaccess:

RewriteEngine on

# This prevents the rewrite engine from looping
RewriteCond %{ENV:HTTP_user_logged} true
#RewriteCond %{forced_responsecode} 301
RewriteRule ^ - [L]

#RewriteCond %{ENV:REDIRECT_STATUS} !=""
RewriteCond %{HTTP_REFERER} !^/myurl.de/basics/validate-user-login-for-url.php$
RewriteCond %{REQUEST_URI} !^(/.*)/$
RewriteCond %{REQUEST_URI} !^(/.*)/index.html$
RewriteRule ^(.*\.html)$ /myurl.de/basics/validate-user-login-for-url.php?url=%{REQUEST_URI}&ref=%{HTTP_REFERER} [L,QSA]

Thanks for any help!!

  • 写回答

1条回答 默认 最新

  • dpqjvoq9033 2016-10-16 22:41
    关注

    I'm afraid what you are asking is not possible. PHP cannot share information with .htaccess because the latter is checked before PHP is executed, so the workflow is "req ->.htaccess -> php; req -> .htaccess -> php", but the only thing is preserved between requests is cookies, and no it's not secure to save the login state in the cookie, you need to use sessions, and PHP sessions are not available in .htaccess

    So the solution I propose is that every file in your project which requires user to be authenticated includes a file "check_auth.php" at the beginning, then your check_auth.php can include() the login page and exit() if not logged in, or simply do nothing if the user is logged in (which means the originally invoked script continues its execution.

    Hope this helps. Cheers

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Oracle触发器记录修改前后的字段值
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器