donglu1913 2013-08-10 03:11
Accepted

Password-protected directory in PHP

I'm creating a web directory and I have created a system so the admin can add content to the site. The problem is the content is static and is being added into a directory, because we want to show it like mysite.com/test/content/ab.html, so how do I use PHP to allow access to that URL via PHP? User details are in a MySQL database. I mean if the user is logged in and has permission then he/she can see mysite.com/test/content/ab.html or any file inside the content directory, but if he/she is logged out then it should redirect.

Edit: I have solved half the problem using htaccess; now it checks if the user is logged in, but how do I redirect if the user is logged in? Here is the htaccess I used:

# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks +ExecCGI
Options +SymLinksIfOwnerMatch +ExecCGI
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI}  !(\.php)$
    RewriteRule (.*)  /index.php [QSA]
</IfModule>

1 answer

  • dongshang1768 2013-08-10 10:50

    It's difficult to help without knowing how you log people in (you must do, so you at least know they're logged in and which user they are). I'm going to assume a basic login system.

    The way I do it is a basic login.php page: if login is successful, set some basic sessions (no password, username or sensitive info) and set their user level (so you can manage what they can access).

    e.g., if login = successful:

    $_SESSION['loggedin']['userlevel'] = $FromDatabase['userlevel'];
    

    Then in an include file which is included in every page (header.php or config.php) I have the following (my config.php is included before any headers/browser output are sent, etc.):

      if (!isset($_SESSION))
        {
          session_start();
        }
    
        $strUserLevel = false;
    
        if (isset($_SESSION['loggedin']['userlevel']))
          {
            $strUserLevel = $_SESSION['loggedin']['userlevel'];
          }
    

    Then I can use this throughout the site to control their access:

        if($strUserLevel == false)
          {
            header("location: login.php");
            die();
          }
        //or wherever you want to redirect them
        //or just say you need to be logged in to view this, link to login page (etc)
    
    
      if ($strUserLevel < 3) // or whatever level they need for this page
        {
          echo "You cannot edit this page";
          exit();
        }
      else
        {
          //a form or whatever
        }
    

    The above are just basic examples. My code is a bit more complex, as I always use config.php in includes and set global variables to use site-wide there, and have a basic login check function (checks their current IP matches the one I checked at login time and stored in DB, and other things, etc.).

    Another method of permission control is using MySQL tables. So if you have TABLE tblEditPageAB, anyone whose name is in a row in that table can edit that page. Though this is more used for admin control, i.e. you have tblAdministrateOtherUsers - again, anyone who has their name/details in a row in that table can administrate the other users (or whatever).

    To check this you just simply query, and if no results they can't.

    Again, the best approach all depends on your site, scenario, how many pages you have to be edited, if they're created on the fly, etc. There are all manner of approaches, but hopefully I've given you food for thought, and helped :)
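
An added example, not part of the original question or answer: one way the index.php targeted by the RewriteRule in the question could apply the session check from the answer and then serve the static file, with the path confined to the content directory. The constants CONTENT_DIR and REQUIRED_LEVEL, the /login.php URL and the function name resolveContentPath are assumptions made for illustration.

```php
<?php
// Added example: index.php reached through the RewriteRule in the question.
// Assumed names (not from the page): CONTENT_DIR, REQUIRED_LEVEL, /login.php.
const CONTENT_DIR    = __DIR__ . '/test/content';
const REQUIRED_LEVEL = 1;

// Map a request URI to a real file inside $baseDir, or null when the file
// is missing or the path escapes the directory (via "../" or a symlink).
function resolveContentPath(string $requestUri, string $baseDir): ?string
{
    $path   = rawurldecode((string) parse_url($requestUri, PHP_URL_PATH));
    $prefix = '/test/content/';
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || strpos($path, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . substr($path, strlen($prefix)));
    if ($base === false || $file === false || !is_file($file)) {
        return null;
    }
    // After symlinks and ".." are resolved, the file must still sit under $base.
    $inside = strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    return $inside ? $file : null;
}

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
$level = $_SESSION['loggedin']['userlevel'] ?? null;

if ($level === null) {
    header('Location: /login.php');   // not logged in: redirect to the login page
    exit;
}
if ((int) $level < REQUIRED_LEVEL) {
    http_response_code(403);          // logged in, but level too low for this content
    exit('You do not have permission to view this page.');
}
$file = resolveContentPath($_SERVER['REQUEST_URI'], CONTENT_DIR);
if ($file === null || strtolower(pathinfo($file, PATHINFO_EXTENSION)) !== 'html') {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: private, no-store'); // keep protected pages out of shared caches
readfile($file);
```

The check only protects the files when every request under /test/content/ is routed through index.php, which the RewriteRule in the question does for URLs that do not end in .php.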
