如何使用Apache / PHP来保护目录从没有登录的用户 [英] How to use Apache/PHP to protect directories from users that aren't logged in
问题描述
我和朋友正在建设的网站,允许用户上传图片。我们已经得到了这一切来分类的,但我们想知道如何停止的公众能够访问服务器上的文件的成员,但允许成员来访问它们。是否有一个Apachemod,它可以让我们做到这一点,并用PHP脚本连接它来检查用户是否登录?
My friend and I are building website that allows users to upload images. We have got this all sorted but we were wondering how to stop members of the public being able to access the files on the server, but allowing members to access them. Is there an Apache mod that would let us do this and link it with a PHP script to check if users are logged in?
推荐答案
是的,有一个Apache模块可以用于身份验证:的 的mod_auth
。
Yes there is an apache module you can use for authentication: mod_auth
.
它支持多个后端,这样可以使你的应用程序的份额与它的凭据。
It supports multiple backends, so you can make your application share the credentials with it.
阿帕奇本身是可扩展的认证,以及有支持被称为 mod_auth_mysql
其中的多个变体存在的mysql数据库等模块。一个更好的选择可能是 mod_authn_dbd
了解Apache 2.2的,因为它提供了一个通用接口,多口味的SQL数据库。同时,支持LDAP: mod_authnz_ldap模块
。
Apache itself is extendible at authentication as well, there are other modules that support a mysql database which is called mod_auth_mysql
of which multiple variants exist. A better choice might be mod_authn_dbd
for Apache 2.2 as it offers a generic interface to SQL databases of multiple flavors. As well, ldap is supported: mod_authnz_ldap
.
另一种选择是使用你的PHP进行认证,然后命令所述服务器来提供的文件中。这通常被称为 X-SENDFILE
或 mod_xsendfile
,这是一个第三方的模块。
Another alternative is using you PHP for authentication and then commanding the server to provide the file. That's often referred as X-Sendfile
or mod_xsendfile
, which is a third-party module.
如果你正在寻找一个PHP唯一的解决办法,有一个问题是谈论它是 如何密码保护文件(图像,视频,ZIP)动态地从公众,并允许访问成员只? 。
If you're looking for a PHP only solution, one question that talks about it is How to password protect files (images, video, zip) dynamically from public and allow access to members only?.
这篇关于如何使用Apache / PHP来保护目录从没有登录的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!