通过PHP检测域名的方法
我使用 SimpleCMS 允许客户对其网站进行简单的文本更改;但是,我在这里遇到了一些问题,因为网站的一部分是通过设置 PHP $_SESSION
变量进行密码保护的。在此安全页面中,在此 $_SESSION
变量上运行 if(!isset)
以允许或禁止查看。
简单的 CMS 的工作原理是登录 www.contenteditor.net 并将页面加载到某种框架中(我宽松地使用框架一词)。我想知道的是,除了我的 if(!isset)
测试之外,是否有办法查看当前域是否为 contenteditor.net 并允许他们访问?
感谢任何帮助,
丹
I'm using SimpleCMS to allow the client to make simple textual changes to their website; however, I'm having some issues here as part of the website is password protected through setting a PHP $_SESSION
variable. From this secure page, an if(!isset)
is run on this $_SESSION
variable to allow or disallow viewing.
Simple CMS works by logging in to www.contenteditor.net and it loads the pages into some sort of frame (I use the word frame loosely). What I want to know is, in addition to my if(!isset)
test, is there a way to see if the current domain is contenteditor.net and allow them access?
Any Help is appreciated,
Dan
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
$_SERVER['SERVER_NAME'] 并解析?
$_SERVER['SERVER_NAME'] and parse?
使用 $_SERVER['HTTP_HOST'] 检查您的主机地址,也可以使用 $_SERVER['SERVER_NAME'] 。
Use $_SERVER['HTTP_HOST'] to check your host address and $_SERVER['SERVER_NAME'] could also be used.
如果它在框架中,则不行,没有安全的方法可以根据域名执行此操作。
您可以做的是,在授权代码中,除了会话之外还允许某种 URL 授权。
当您的代码编辑站点打开页面进行编辑时,将该标识信息附加到 URL (?auth_token=abcde)。例如,您可以使用数据库从编辑器应用程序生成这些令牌并从网站应用程序读取它们。然后,无需通过网站上的登录表单即可显示该页面。
If it's in a frame, then no, there's no secure way to do this based on the domain name.
What you could do is, in your authorization code, also allow some kind of URL authorization in addition to the sessions.
When your code editing site opens the page to edit it, append that identifying information to the URL (?auth_token=abcde). You might use a database to generate these tokens from the editor application and read them from the website application, for example. Then the page can be displayed without going through a login form on the website.