安全的网页使用PHP / htaccess的？ [英] Secure pages with PHP/.htaccess?

问题描述

www.example.com/index.html 在我的网站是一个页面，要求输入密码，输入的时候，贯穿 WWW .example.com的/的login.php 。

www.example.com/index.html on my website is a page that asks for a password, and when entered, runs through www.example.com/login.php.

<?php
if (isset($_POST['pw']) && ($_POST['pw'] == "mypassword"))
{
// Location after Logged in
header('Location: http://example.com/kareha/index.html');
}
else
{
// If not Logged in
header('Location: http://example.com/index.html');
}
?>

然后被重定向到 www.example.com/kareha / 。

现在的问题是，任何人都可以直接输入，并直接导航到 www.example.com/kareha / 。

The problem is, anyone can just type in and directly navigate to www.example.com/kareha/.

有没有什么办法可以保护这个索引文件（或在网站上任何其他地方），所以任何人都不能登录被重定向到主登录页面谁？

Is there any way I can protect this index file (or anywhere else on the site) so anyone who isn't logged in is redirected to the main login page?

此外，它会帮助，如果它是通过的.htaccess 保护？ （ /kareha/index.html 根据模板，每次我摆弄它打破自动更新）

Also, would it help if it was protected through .htaccess? (/kareha/index.html is automatically updated according to a template, which has broken every time I mess around with it)

编辑：也许一些沿启动会话 /login.php ，然后为行的.htaccess 在本届会议的 / kareha / 文件夹检查？

Maybe something along the lines of starting a session with /login.php and then having .htaccess in the /kareha/ folder check for the session?

推荐答案

您需要使用会话或htpasswd的。要使用会话，改变你的HTML文件到PHP

you need to use sessions or .htpasswd. To use sessions, change your html files to php

这里是你的登录脚本

<?php
    session_start();

    // see if the form has been posted
    if($_SERVER['REQUEST_METHOD'] == 'POST') {

    // check for the password
    if($_POST['pw'] == "mypassword") {

        // set a session
        $_SESSION['loggedin'] = true;

        // redirect to kareha/
        header('Location: http://example.com/kareha/index.php');
    }
} else {
    header('Location: http://example.com/index.html');
}

// put HTML and login form here...

的kareha / index.php的最顶部

<?php
    session_start();
    if(!isset($_SESSION['loggedin'])) {
        // redirect to login page
        header('Location: http://example.com/index.html');
    }

// put rest of page here

您可以读到这里会： http://www.php.net /manual/en/book.session.php

编辑：我看错了原来的问题。修...

I misread the original question. Revised...

这篇关于安全的网页使用PHP / htaccess的？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！