禁止直接访问htaccess中的文件? [英] Disallow direct access to a file in htaccess?
问题描述
我想禁止用户直接访问我网站上的PHP脚本。
I would like to disallow users to access directly to a PHP script on my website.
该脚本应该从网站上的其他脚本访问。
This script should instead be accessed from other scripts on the website.
例如, somepage.php可以调用 upload.php,但不允许用户键入 mywebsite.com/upload.php 强>。不幸的是,我无法将脚本移动到特定文件夹。
For example, "somepage.php" can call "upload.php", but users are not allowed to type mywebsite.com/upload.php. Unfortunately I can't move my script to a specific folder.
推荐答案
根据我其他回答中的评论,很明显,这个问题实际上提出了不同的要求。由于我觉得其他答案与最初提出的问题有关,因此我不想编辑该答案,而是添加此其他答案。
As per the comment in my other answer it has become clear that the question actually asked something different. Since i feel that the other answer relates to the question as originally asked, i do not want to edit that one, but rather add this additional answer.
此答案将回答:如何阻止其他网站深入链接正在我的iframe中显示的页面?
This one will answer: How do i stop a different site from deep linking a page that is being displayed within an iframe on mine?
要正确地做到这一点,可以使用PHP会话。然后,您将在您的主页中发起一个会话,如果该会话实际上已经开始,则该用户只能查看内部页面。
To do that correctly it is possible to use PHP Sessions. In your main page you would then initiate a session, this user would only be able to view the "inner" page if the session has in fact started.
假设您有两个页面:index.php和inner.php。您将以下内容放在index.php的开头:
Let's say you have two pages: index.php and inner.php. You will put the following in the beginning of index.php:
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
在inner.php中,您将拥有:
In the inner.php you will have:
if (session_status() !== PHP_SESSION_ACTIVE) die("Deep linking detected");
您绝对不能从htaccess或页面代码之外的任何其他位置执行此类操作
And you definitely cannot do anything like this from htaccess or any other place outside of the code of the pages themselves.
参考: http://www.php.net/manual/en/function.session-status.php
这篇关于禁止直接访问htaccess中的文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!