PHP restrictions for include()

Posted on 2024-08-17 22:09:27

I am separating some XHTML from PHP by putting the XHTML into a separate file and then using PHP's include() function within the PHP script.

This works perfectly fine, however, users are still able to access the .html file directly if they know the address. They can't really do much with it, but I would rather it not show.

I've seen some scripts in the past use some form of referrer check, is this what I would do to add some basic (Notice I said 'basic') restrictions to prevent it from being viewed by accessing it directly?

Thanks!

Clarification: I forgot to mention that I want to do this within PHP, so no web-server configuration (Moving files out of document-root, configuring web-server to disallow access, etc.). I think the most logical choice here is to use the define() constant check, that's actually indeed what I've seen in other scripts that I had forgotten, as I outlined in my post. I realize this is probably not the best solution, but given that the html file that can be accessed is of no particular value, the define() constant should suffice.

Comments (6)

温柔戏命师 2024-08-24 22:09:27

If you currently place all your files (like index.php) in /something/public_html/ you will want to move the files to /something/. That way users cannot access the files.

The /public_html/ is called your document root. That folder is mapped to example.com, and basically the website starts there. If you move the files to above where the website starts, no one can access those files via a browser.

As Ignacio said, this will not work with include if safe mode is turned on.

Other methods are to place something at the top of the file that says

if(!defined("RUNNING_SCRIPT"))
    die("No Direct Access Allowed");

and then in your PHP files put

 define("RUNNING_SCRIPT", true);

If RUNNING_SCRIPT is not defined, that means they are directly accessing it, and it stops the page from loading. This only works though if PHP runs on the .html files.

You could also use a .htaccess file to disallow access to that folder.

风向决定发型 2024-08-24 22:09:27

Just move it outside of the document root. This will not work if PHP is in Safe Mode though.

薆情海 2024-08-24 22:09:27

Change your webserver configuration to disallow access to that file?

拥抱没勇气 2024-08-24 22:09:27

No, do something like this:

index.php:

<?php
define('ALLOW_INCLUDE', true);
include('other.php');
?>

other.php:

<?php
if (defined('ALLOW_INCLUDE') === false) die('no direct access!');
// your code
?>

天暗了我发光 2024-08-24 22:09:27

It's a good idea to place this as the first line.

You can also use .htaccess or drop an index.html page too as fallbacks.

<?php defined('SOME_CONSTANT_GLOBAL_TO_YOUR_APP') or die('Access denied.'); ?>
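
A stricter form of the constant guard from the answers above, as an added example that is not code from the thread: it answers with HTTP 403 rather than a 200 page carrying the die() text, and it also refuses when the partial itself is the requested script. `ALLOW_INCLUDE` is the constant from the index.php/other.php answer; the function names are hypothetical, and like the original guard it only takes effect if the server runs the file through PHP.

```php
<?php
declare(strict_types=1);

// Added example. ALLOW_INCLUDE is the constant name used in the thread;
// the function names below are hypothetical.

/** True when $file is the script the web server was asked to execute. */
function is_entry_script(string $file, array $server): bool
{
    $entry = realpath((string) ($server['SCRIPT_FILENAME'] ?? ''));
    $self  = realpath($file);
    return $self !== false && $entry !== false && $self === $entry;
}

/** Direct access: the front controller never set the constant, or the file is the entry script. */
function is_direct_access(string $file, array $server, bool $allowDefined): bool
{
    return !$allowDefined || is_entry_script($file, $server);
}

/** Call as the first statement of a partial: guard_partial(__FILE__); */
function guard_partial(string $file): void
{
    if (is_direct_access($file, $_SERVER, defined('ALLOW_INCLUDE'))) {
        http_response_code(403); // die() alone would still answer 200 OK
        header('Content-Type: text/plain; charset=utf-8');
        exit('No direct access allowed.');
    }
}

// Constructed inputs so the decision logic can be run from the command line.
$cases = [
    'requested directly'           => [['SCRIPT_FILENAME' => __FILE__], false],
    'included by front controller' => [['SCRIPT_FILENAME' => __DIR__ . '/index.php'], true],
    'included, constant missing'   => [['SCRIPT_FILENAME' => __DIR__ . '/index.php'], false],
];
foreach ($cases as $label => [$server, $allowDefined]) {
    $denied = is_direct_access(__FILE__, $server, $allowDefined);
    printf("%-30s %s\n", $label, $denied ? 'deny (403)' : 'render');
}
```

If the partial keeps its .html extension and the server does not hand .html files to PHP, neither this guard nor the one in the thread ever executes and the raw file is served as-is.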