我已经多次看过这个问题 - 只是不在这里。这一点的答案都说在javascript中使用使用凭证(我们都知道客户端凭据无法进行身份验证:)
场景是我想在我的博客上控制某个页面 - 直到我把它放到每个人身上。我有自己的域名,所以我可以托管php脚本。我已经尝试过Blogger的阅读器过滤器了 - 这很棒,但是对于没有Gmail帐号的观众来说,这是一个真正的痛苦
答案 0 :(得分:0)
这是我的解决方案(使用Javascript - 但客户端没有用户+密码验证)。这是一场黑客攻击 - 但是在我吃饭之前,我还有其他的鱼可以捕获并且还有很长的路要走。
The initial page call is this:
http://YOUR.DOMAIN.COM/manager.php?p=login
That prompts for the username and password
- ala this: http://www.php.net/manual/en/features.http-auth.php
After login some encryption is done on an authentication cookie
- ala this: http://php.net/manual/en/function.mcrypt-decrypt.php
- or this: http://php.net/manual/en/function.openssl-decrypt.php
The cookie is set
- ala this: http://www.php.net/manual/en/function.setcookie.php
And then the php file calls this present page via the following
- header('Location: http://YOUR2.DOMAIN.COM/p/page.html');
* YOUR2.DOMAIN.COM points to blogger; the page is this file here which will grab the file data and insert it into a div on the page
- see info here: http://support.google.com/blogger/bin/static.py?hl=en&ts=1233381&page=ts.cs
Based on the param and confirming that the cookie is valid, manager.php gets the real file data and sends it out
- ala this: http://php.net/manual/en/function.file-get-contents.php
将以下内容放入空白的Blogger页面 - 注意更换YOUR.DOMAIN.COM的实例
<script type="text/javascript" src="http://YOUR.DOMAIN.COM/scripts/jquery-1.8.3.min.js"></script>
<script type='text/javascript'>
var $pageUrl = "http://YOUR.DOMAIN.COM/manager.php?p=page1"; // so cool how you could setup your own domain!
function doInitStuff()
{
if ($alreadyInited) return;
$alreadyInited = true;
// a little hack - because though I said share cookies among (*) ".DOMAIN.COM" it wasn't getting sent
// although it's obviously there since we get it here on YOUR2.DOMAIN.COM (originally set on YOUR.DOMAIN.COM)
$cookies = document.cookie;
$result = $.ajax
({
type: "GET",
url: $pageUrl,
dataType: 'json', // or whatever
async: false, // force this to complete before moving on (should be quick though - since already logged in)
// username: 'username', // would get these from a prompt/html form - but should have already gone directly to the site to authenticate
// password: 'password', // did it that way, because wasn't able to get the u/p to be properly sent... this new way is better anyway
data: $cookies, // send along the cookies - they should show up in $_GET
success: function (result, status, jqXHR){
// good - but for some reason wasn't getting result - just move on...
},
error: function (){
// not good
}
});
if ($result.status == 200)
{
// insert our data into our nice Div
$('#realpageinfo').html($result.responseText);
}
// grrrrrr. ie strikes again! use iframes instead
var isMSIE = eval("/*@cc_on!@*/!1");
if ($('#realpageinfo').html() == '' || isMSIE)
{
//$('#realpageinfo').replaceWith("<div id='realpageinfo' style='font-weight:bold;color:red'>Internet Explorer? Sorry, but please use a different Browser.</div>");
$('#realpageinfo').replaceWith("<div id='realpageinfo'><iframe id='realpageframe' style='width:100%;height:700px' src='" + $pageUrl + "'></iframe></div>");
}
}
// Don't mind this - multiple ways to ensure the main worker function is called
var $alreadyInited = false;
$(document).ready(function() { doInitStuff(); });
window.addEventListener('DOMContentLoaded',function() { doInitStuff(); });
</script>
<div id='realpageinfo'></div>
现在是服务器端
<?php
$cookieName = 'my_auth_cookie';
$loggedInCookieVal = $_COOKIE[$cookieName];
if (!isset($loggedInCookieVal))
{
$loggedInCookieVal = $_GET[$cookieName]; // was it passed in instead of coming through the Cookie channel?
}
// if $loggedInCookieVal is set, decrypt it and pull username + pwd from it - if succeeds, set $cookieValsDecrypted
// otherwise see if the user just sent them back in response to a challenge
// these are empty before login - and set in response to the challenge
$curUser = $_SERVER['PHP_AUTH_USER'];
$curPswd = $_SERVER['PHP_AUTH_PW'];
if (!$cookieValsDecrypted && (!isset($curUser) || !isset($curPswd)))
{
// ask the user to authenticate (again if have to)
header('WWW-Authenticate: Basic realm="YOUR.DOMAIN.COM"');
header('HTTP/1.0 401 Unauthorized');
echo "You gotta login bud - but you canceled instead";
exit;
} else {
// check $curUser and $curPswd against a db or .htpasswd file, etc - or check $cookieValsDecrypted
// if all good then send the file
if ($matched)
{
switch($_GET['p'])
{
case 'login': // just came here to login - now done, go on to the real page that pulls the value
header('Location: http://YOUR2.DOMAIN.COM/p/page.html');
break;
case 'page1':
echo file_get_contents ('./page1.txt'); // show the date
break;
}
} else {
// else send the auth request again
header('WWW-Authenticate: Basic realm="YOUR.DOMAIN.COM"');
header('HTTP/1.0 401 Unauthorized');
echo "Try something else, maybe";
}
}
?>
就是这样......随意改进。请在此处查看ClyntonCaines.Com