2011-09-22 09:22



I'm currently trying to use a script that ensures users are logged into a central sign-on system.

The problem is that any files, including PHP and image files, in this sub-folder are not accessible when included, whether simply when using <?php include 'file.php' ?>, just as an image, i.e. <img src="image.png" />, etc.

The code that I am using in the .htaccess file is below:

RewriteEngine on
# The original URL is set as an environment variable SSO_REQUESTED rather than
# a query parameter, so it's not vulnerable to hacking.
# It shows up in PHP as $_SERVER['REWRITE_SSO_REQUESTED'].
RewriteCond %{REQUEST_URI} !ssoclient
RewriteRule (.+) /sso/ssoclientfilter.php [E=SSO_REQUESTED:$1,L]

Any help here would be greatly appreciated.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • dongsu1539 dongsu1539 10年前

    If the point of your code is to make sure that your users are logged into a central sign-in system wouldn't the PHP code:

    if (!isset ($_COOKIE[ini_get('')])) {
         print "<SCRIPT>window.location='/sso/ssoclientfilter.php';</SCRIPT>";

    In the above code, anyone without a session previously started gets directed to your ssoclientfilter.php and your other images and folders aren't touched. This placed where your session_start() is located should cover your issue.

    点赞 评论 复制链接分享
  • douzhen5158 douzhen5158 10年前

    To use the relative paths for include is pretty bad behavior. You really should set some variable or constant with your document root path in your script. Same for HTML: you should include BASE tag into the header to set the base (root) for relative paths of your images, styles, scripts, etc. Also, could be useful to set RewriteBase in your htaccess.

    However, it is strange, that the htaccess affects also php's include which usually uses file system's path, not URI.

    点赞 评论 复制链接分享