PHP 的限制包括()
我将一些 XHTML 与 PHP 分开,方法是将 XHTML 放入单独的文件中,然后在 PHP 脚本中使用 PHP 的 include() 函数。
这工作得很好,但是,如果用户知道地址,他们仍然可以直接访问 .html 文件。他们确实不能用它做太多事情,但我宁愿它不显示。
我过去见过一些脚本使用某种形式的引荐来源检查,这就是我会做的添加一些基本(注意我说“基本”)限制以防止通过访问来查看它直接吗?
谢谢!
澄清:我忘了提及我想在 PHP 中执行此操作,因此不需要 Web 服务器配置(将文件移出文档根目录、配置 Web 服务器以禁止访问等。 )。我认为这里最合乎逻辑的选择是使用 define() 常量检查,这实际上是我在其他脚本中看到的,但我已经忘记了,正如我在帖子中概述的那样。我意识到这可能不是最好的解决方案,但考虑到可以访问的 html 文件没有特定的价值,define() 常量应该足够了。
I am separating some XHTML from PHP by putting the XHTML into a separate file and then using PHP's include() function within the PHP script.
This works perfectly fine, however, users are still able to access the .html file directly if they know the address. They can't really do much with it, but I would rather it not show.
I've seen some scripts in the past use some form of referrer check, is this what I would do to add some basic (Notice I said 'basic') restrictions to prevent it from being viewed by accessing it directly?
Thanks!
Clarification: I forgot to mention that I want to do this within PHP, so no web-server configuration (Moving files out of document-root, configuring web-server to disallow access, etc.). I think the most logical choice here is to use the define() constant check, that's actually indeed what I've seen in other scripts that I had forgotten, as I outlined in my post. I realize this is probably not the best solution, but given that the html file that can be access is of no particular value, the define() constant should suffice.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
如果您当前将所有文件(例如index.php)放在
/something/public_html/中,您将需要将文件移动到/something/。这样用户就无法访问这些文件。/public_html/称为文档根目录。该文件夹映射到example.com,基本上网站从那里开始。如果您将文件移动到网站开始位置的上方,则任何人都无法通过浏览器访问这些文件。正如 Ignacio 所说,如果打开安全模式,这将不适用于
include。其他方法是在文件顶部放置一些内容
,然后在 PHP 文件中放入
If RUNNING_SCRIPT 未定义,这意味着它们正在直接访问它,并且它会阻止页面加载。但这仅当 PHP 在
.html文件上运行时才有效。您还可以使用
.htaccess文件来禁止访问该文件夹。If you currently place all your files (like index.php) in
/something/public_html/you will want to move the files to/something/. That way users cannot access the files.The
/public_html/is called your document root. That folder is mapped toexample.com, and and basically the website starts there. If you move the files to above where the website starts, no one can access those files via a browser.As Ignacio said, this will not work with
includeif safe mode is turned on.Other methods are to place something at the top of the file thats says
and then in your PHP files put
If
RUNNING_SCRIPTis not defined, that means they are directly accessing it, and it stops the page from loading. This only works though if PHP runs on the.htmlfiles.You could also use a
.htaccessfile to disallowed access to that folders.只需将其移到文档根目录之外即可。如果 PHP 处于安全模式,这将不起作用。
Just move it outside of the document root. This will not work if PHP is in Safe Mode though.
更改您的网络服务器配置以禁止访问该文件?
Change your webserver configuration to disallow access to that file?
不,请执行以下操作:
index.php:
other.php:
No, do something like this:
index.php:
other.php:
最好将其放置在第一行。
您还可以使用 .htaccess 或删除 index.html 页面作为后备。
It's a good idea to place this as the first line.
You can also use .htaccess or drop a index.html page too as fallbacks.
可能是apache访问控制?
http://httpd.apache.org/docs/2.2/howto/access。 html
may be apache access control?
http://httpd.apache.org/docs/2.2/howto/access.html