与suPHP一起实现登录 [英] Implementing log in alongside suPHP
问题描述
如何将类似登录功能设计为使用suPHP的文件权限.例如,如果我有一个位于www.example.com的网站,并且以下两个用户都有自己的主目录,每个用户都有一个php脚本test.php和一个属于另一个用户(root,www-data, apache ...).
How can a log in like feature be designed to use suPHP's file permissions. For example, if I have a website at www.example.com and the following two users with their own home directories, each with a php script test.php, and a validateUser.php script that belongs to another user (root, www-data, apache...) in the /home directory.
/home/
├── validateUser.php
├── user1
│ └── test.php
└── user2
└── test.php
user1可以通过访问www.example.com/user2/test.php来访问user2's脚本,反之亦然.相反,我想要的是使用 mod_rewrite这样的方法来引导所有传入请求,到validateUser.php.但是,这样做的结果是将所有脚本作为validateUser.php的所有者而不是目标test.php脚本的所有者执行.
user1 can access user2's script by visiting www.example.com/user2/test.php, and vice versa. Instead what I want, is to channel all incoming requests, using something like mod_rewrite, to validateUser.php. However, doing so will have the consequence of executing all scripts as the owner of validateUser.php, not the target test.php script.
无论如何,在suPHP启动之前是否有调用php脚本的信息,然后允许suPHP继续运行,或者完全中止.
Is there anyway to call a php script before suPHP kicks in, and then either allow suPHP to continue, or abort entirely.
编辑,这是我要提出的第二个悬赏计划.我给古斯塔夫(Gustav)B/c的第一位,他给出了很好的部分答案.我将提及到目前为止我尝试过的事情,以及为什么它们都不对我有用.
EDIT This is the second bounty I am putting up. The first I gave to Gustav b/c he gave a good partial answer. I will mention what I have attempted so far, and why none of them work for me.
1)我尝试使用 mod_rewrite 重定向URL validateUser.php以登录用户,或调用他们想调用的任何脚本.问题是我已经设置了虚拟主机,以便每个用户都有自己的虚拟站点(即www.user1.example.com,www.user2.example.com ...如果这是一种不良的设计方法,请毫不客气地指出它).因此,尽管操作系统看到的文件结构是在线的,但根目录却是这样设置的
1)I have tried using mod_rewrite to redirect the URL to validateUser.php to either log the user in, or call whatever script they wanted to call. The problem is that I have set my virtual hosts such that each user has their own virtual site (ie. www.user1.example.com, www.user2.example.com...if this is a bad design approach, feel free to rudely point it out). Therefore, although the OS sees the file structure as above, online, the root directories are set up as such
VirtualHost = www.user1.example.com
├── validateUser.php
└── test.php
VirtualHost = www.user2.example.com
├── validateUser.php
└── test.php
自然,我只是将validateUser.php的副本移到了每个用户的目录中.问题在于,现在用户可以删除该文件,然后将所需文件放入其中,就像根本不需要登录一样.一种解决方法是使主文件夹具有粘性(我不建议对主文件夹执行此操作),并使validateUser.php由根拥有.但是,由于它是suPHP,因此现在将以AS根目录执行.那就是我放弃的地方.
Naturally I just moved a copy of validateUser.php into every user's directory. The problem is that now the user can delete that file and put whatever they want in there, like not require a log in at all. A way around this is to make the home folder sticky (not something I would ever recommend doing to a home folder) and make the validateUser.php owned by root. But now it will executed AS root since this is suPHP. That's where I gave up.
2)我可以使用Gustav的mod_auth建议,但我不喜欢它要求预先输入密码(例如老式学校的网站).
2)I could use Gustav's mod_auth suggestion, but I don't like that it demands the password up front (like the old school web sites).
3)如果可以在虚拟主机之间重定向,我已经考虑了1)的变种.例如,像这样重构虚拟主机
3) I have considered a variant to 1) if I could redirect between virtual hosts. For example, restructure the virtual hosts like so
VirtualHost = www.user1.example.com
└── test.php
VirtualHost = www.user2.example.com
└── test.php
VirtualHost = www.admin.example.com
└── validateUser.php
然后使用mod_rewrite将用户的所有流量重定向到www.admin.example.com/validateUser.php,如果用户登录(或者登录成功),则将用户重定向回他们最初尝试登录的站点.这样做的好处是,即使有可能,suPHP也不会启动,直到将用户定向回自己的虚拟主机为止.
Then use mod_rewrite to redirect ALL traffic from users to www.admin.example.com/validateUser.php, and if the user is logged in (or if the login is successful) the user is redirected back to the site they initially tried to log in to. The benefit of this, if it even is possible, is that suPHP won't kick in until the user is directed back to their own virtual host.
推荐答案
您是否考虑过使用 mod_auth ?如果您决定尝试使用该指南,则可以找到指南有用.
Have you considered implementing user authentication using using mod_auth? If you decide to try it, there is a guide that you may find useful.
等效于Apache 2.2:
The Apache 2.2 equivalents:
- mod_auth_basic
- Authentication HOWTO
请注意,浏览器将存储凭据,并将其与您提出的每个请求一起发送到标头中.
Note that the browser stores the credentials, and sends them in the header with every request you make.
这篇关于与suPHP一起实现登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
