我有一个
http://example.com/DL/
任何人都可以免费访问的目录,现在我想拒绝未经授权的用户访问,所以我用代码编写了非常简单的 index.php
<?php
include('config.php');
session_start();
$result = (mysql_query("SELECT * FROM accounts WHERE hash='".$_SESSION['hash']."' ");
$row = mysql_fetch_array(result);
if($row['access']) {
return true;
} else {
header("location: /login.php");
}
?>
问题:有没有办法设置 .htaccess 来检查 index.php 是否在每次用户请求时返回 true
http://example.com/DL/*
?
You can use mod_rewrite to make all requests be routed to index.php.
See this example.
This way you can utilize the Front Controller Pattern
Which basically means that index.php will be your router into the other parts of your code. This allows for the access control that you are looking for but also lets you have a good structure of the rest of your code.
Another recommendation is to only expose index.php in your web root and have the rest of your code outside of the publicly visible folder. This way you will also prevent someone from fetching all your code base when you forget to configure apache properly.