通过 PHP 验证 Apache 目录

发布于 2024-10-21 00:16:17 字数 917 浏览 5 评论 0原文

大家好,

我设置了一个目录,其中包含一些 Apache Auth 内容。这是目录: http://gojalapeno.com/intranet/content/ado-jeune

使用 ado-jeune :tezesyrab 登录。

下面是为其提供支持的 .htaccess 代码:

AuthName "Connexion au dossier:"
AuthType Basic
AuthUserFile "D:\Dropbox\htaccess\secret\.htpasswd"
Require valid-user

现在该目录的登录表单是由浏览器生成的,但我希望为此使用我自己的 HTML 表单。我该怎么做呢?我尝试过在 PHP 中使用 cURL:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://gojalapeno.com/intranet/content/ado-jeune');
curl_setopt($ch, CURLOPT_USERPWD, 'ado-jeune:tezesyrab');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_exec($ch);
curl_close($ch);

这验证得很好,但问题是它不会重定向到页面(尽管有 CURLOPT_FOLLOWLOCATION),它只是将其“包含”在当前文件中。因此,我所有的相关链接都被破坏了。

因此,我正在寻找一种方法,使用我自己的 HTML 表单对 Apache Basic Auth 目录进行身份验证,然后重定向到该目录。

谢谢!

Good day everyone,

I have a directory set up with some Apache Auth stuff. Here is the directory:
http://gojalapeno.com/intranet/content/ado-jeune

Use ado-jeune:tezesyrab to login.

Here is the code for the .htaccess that powers it:

AuthName "Connexion au dossier:"
AuthType Basic
AuthUserFile "D:\Dropbox\htaccess\secret\.htpasswd"
Require valid-user

Now the login form for that directory is generated by the browser, but I wish to use my own HTML form for this. How can I do it? I've tried using cURL with PHP:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://gojalapeno.com/intranet/content/ado-jeune');
curl_setopt($ch, CURLOPT_USERPWD, 'ado-jeune:tezesyrab');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_exec($ch);
curl_close($ch);

That authenticates fine, but the problem with that is that it doesn't redirect to the page (despite the CURLOPT_FOLLOWLOCATION), it merely "includes" it in the current file. As such, all my relative links are broken.

So what I'm looking for is a way to use my own HTML form to authenticate to an Apache Basic Auth directory, and to redirect to that directory after.

Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

菊凝晚露 2024-10-28 00:16:17

不幸的是,由于 AuthBasic 的工作方式,您所描述的内容将很难实现。来自 Apache 文档

由于指定基本身份验证的方式,每次从服务器请求文档时都必须验证您的用户名和密码。即使您重新加载同一页面以及页面上的每个图像(如果它们来自受保护的目录)也是如此。

在用户输入用户凭据后,浏览器会自动为每个后续请求发送用户凭据。

但在您的情况下,浏览器本身并没有连接到受保护的目录,而是 cURL 。一种解决方案是让 cURL 处理对该受保护目录的所有请求,本质上充当代理。

要实现此目的,您必须编写一个 PHP 脚本来请求用户的凭据,并在请求受保护目录中的页面时将这些凭据一起发送。所以像这样:

<?php

    // This is *very* basic - you would of course need to make sure the user 
    // isn't trying to access something in another location
    $dest = $_GET["dest"];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'http://gojalapeno.com/intranet/content/' . $dest);

    // You would retrieve the user's credentials from an HTML form and save them in session vars
    curl_setopt($ch, CURLOPT_USERPWD, $_SESSION["username"] . ":" . $_SESSION["password"]);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    curl_exec($ch);

    curl_close($ch);

?>

希望这有帮助!

Unfortunately, what you're describing is going to be difficult to implement due to the way that AuthBasic works. From Apache's documentation:

Because of the way that Basic authentication is specified, your username and password must be verified every time you request a document from the server. This is even if you're reloading the same page, and for every image on the page (if they come from a protected directory).

Browsers handle sending the user's credentials automatically for each subsequent request after the user enters them in.

But in your case, the browser itself is not connecting to the protected directory, but rather cURL is. One solution would be to have cURL process all requests to that protected directory, in essence acting as a proxy.

To accomplish this, you would have to write a PHP script that requests the user's credentials and sends them along as it requests a page in the protected directory. So something like this:

<?php

    // This is *very* basic - you would of course need to make sure the user 
    // isn't trying to access something in another location
    $dest = $_GET["dest"];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'http://gojalapeno.com/intranet/content/' . $dest);

    // You would retrieve the user's credentials from an HTML form and save them in session vars
    curl_setopt($ch, CURLOPT_USERPWD, $_SESSION["username"] . ":" . $_SESSION["password"]);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    curl_exec($ch);

    curl_close($ch);

?>

Hope this helps!

寄意 2024-10-28 00:16:17

也许您可以定义自己的错误文档,其中包含 .htaccess 中的表单:

ErrorDocument 401 /my_custom_password_form.html

请参阅 http://httpd.apache.org/docs/2.0/custom-error.html

Maybe you can define your own error document that includes the form in .htaccess:

ErrorDocument 401 /my_custom_password_form.html

See http://httpd.apache.org/docs/2.0/custom-error.html

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文