我可以将Web文件夹访问权限限制为仅登录我网站的用户吗? [英] Can I restrict web folder access to only logged in users of my website?
问题描述
我的网站用户使用他们在我的网站中设置的帐户登录.
My website users login using accounts they setup in my website.
我当然将他们的登录信息存储在 db表中,当他们填写登录表单时可以访问该表.这只是我创建的专有系统.
I of course store their login info in a db table and this table is accessed when they fill out the login form. This is just a proprietary system I created.
登录用户时,他们可以看到存储在我网站上的文件夹中的文档列表.如果他们未登录,则他们无权访问此列表.但是,如果某人知道其中一个文档的直接URL,则可以不登录而直接下载.我想将对该文件夹的访问限制为仅登录的用户.
When users are logged in, they can see a list of documents that are stored in a folder on my website. If they are not logged in, they don't have access to this list. However, if someone knows the direct URL of one of the documents, they can download it without logging in. I want to restrict access to this folder to only logged-in users.
我想我可以在文件夹本身上放置一个 password ,但是我不希望用户必须输入两次密码.如何检测用户是否已登录并将访问权限限制为仅已登录用户?
I guess I could put a password on the folder itself, but I don't want users to have to enter a password twice. How can I detect if the user is logged in and restrict access to only a logged in user?
如果这个问题听起来很简单,请原谅我,但是我来自IIS领域,我不确定如何使用PHP Web服务器来做到这一点.
Forgive me if this question sounds basic, but I come from the world of IIS and I'm not sure how to do this using a PHP web server.
这基本上是相同的问题,尽管我没有使用 asp.net或IIS .
推荐答案
我将设置一个他们可以登录的页面,该页面将列出文件并允许用户单击.它可以轻松地以这种方式轻松地绑定到您现有的系统中.然后,您可以保护目录免于在屏幕上直接列出,并且可以像现有的身份验证系统所允许的那样安全.
I'd setup a page that they could login to that would list out the files and allow the user to click on. It could easily be tied into your existing system that way with very little effort. You could then protect the directory from direct listing on screen and be as secure as your existing auth system allows.
以下是如何在特定目录中获取文件的示例您然后可以foreach数组并相应地链接它们.如果您真的担心文件失窃",则可以设置一个下载页面,用户必须通过该下载页面自己获取下载内容,从而完全掩盖了目录.
Here's an example of how to get the files in a particular directory You could then foreach the array and link them up accordingly. If you were really concerned about file "theft" you could setup a download page that the user would have to route through to get the downloads themselves, thereby totally obscuring the directory.
这篇关于我可以将Web文件夹访问权限限制为仅登录我网站的用户吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
