使用PHP身份验证的HTTP身份验 [英] HTTP authentication using PHP authentication
问题描述
我正在为我的网站制作一个会员区,我已经在运行了。我使用mysql和php对成员进行身份验证,这非常有效。
I'm making a members area for my site and I have it already running. I authenticate members using mysql and php and this works really well.
但现在出现问题,我想为成员提供将文件上传到系统的可能性,以及那些文件应该只对登录的成员可用。
But now problems occurs, I would like to offer members a possibility to upload files to the systems, and those files should be available ONLY to logged in members.
我知道我可以将这些文件存储到数据库甚至文件系统中并通过php提供它们,但是这将得到当成员上传更大的文件时,服务器非常繁重。这些文件甚至可能是20MB甚至更大。
I know I could store those files to a database or even in a filesystem and serve them throught php, BUT this will get very heavy for the server when members upload bigger files. Those files might be even 20MB or even bigger.
我想让apache服务文件,但只需要找到一种方法来自动进行http身份验证,所以用户无需登录两次。我想可以在一个用户名和密码后面进行这种http身份验证,就像当用户登录到php和mysql身份验证时,透明地同时javascript等也会进行http身份验证,每个成员都会这样做具有相同凭据的http身份验证。当然,我不想将这些http auth凭证存储在javascript文件中,但像ajax这样的解决方案也许可以解决问题。我只是不确定如何做到这一点。
I would like to let apache serve the files, but just need to find a way to automatically do the http authentication, so users wouldn't need to log in twice. I suppose it is ok to make this http authentication behind one username and password, something like when a user logs in to the php and mysql authentication, transparently at the same time javascript etc. would do that http authentication also, every member would do the http authentication with the same credentials. Of course I wouldn't want to store those http auth credentials in a javascript file, but something ajax like solution maybe would do the trick. I'm just not sure how to do this.
推荐答案
您似乎在混淆身份验证(您提供某种登录方式)和HTTP身份验证(您专门使用要进行身份验证的HTTP协议,浏览器会向用户显示一个弹出窗口。)
It seems like you are confusing authentication (where you provide some way to login) with HTTP authentication (where you specifically use the HTTP protocol to authenticate, and the browser shows a popup to the user).
您可能想要前者,这样您就可以设置登录页面的样式。在这种情况下,您将不得不使用PHP或某些脚本语言来检查用户是否已登录。 fpassthru 或者 readfile 可以成为某些网站的理想解决方案;它们是快速的,并且针对这类工作进行了优化。
You probably want the former so you can style the login page. In that case you'll have to use PHP or some scripting langauge to check that the user is logged in. fpassthru or readfile can be good solutions for some web sites; they're fast and optimised for this type of work.
如果你真的想在网络浏览器中而不是在PHP中进行文件处理工作,那么一个解决方案就是创建独特的,短命的文件名。例如,您可以使用链接在PHP中创建指向该文件的硬链接,然后将用户重定向到临时文件名。将硬链接存储在数据库中,并在一段时间后将其删除。
If you really want to do the file handling work in the web browser and not in PHP, one solution can be to create unique, short-lived filenames. You can for example create hard links to the file in PHP using link and then redirect the user to the temporary filename. Store the hard links in a database and remove them after a short while.
这篇关于使用PHP身份验证的HTTP身份验的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
