Question

我有一个htaccess文件，它使用mod_rewrite将/ controller重定向到/index.php?controller=%controller％

像这样：

# Various rewrite rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Rewrite current-style URLs of the form 'index.php?controller=x&action=y'.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?controller=$1 [L,QSA]
</IfModule>

现在，我需要做的是让其中一个控制器使用HTTP身份验证。我不是在问这是不是最好的做事方式，我只是想问怎么做。

示例：

http://www.example.com/ - It requires no auth
http://www.example.com/secret - requires auth

Answer 1

<Location /secret>
  AuthName localhost
  AuthType Basic
  AuthUserFile <file>
  Require valid-user
</Location>

Answer 2

我最终使用PHP来完成它：

if (in_array($controllerString, $configuration['protected']))
{
    $authenticated = false;
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'You are unatuhorized to access this section of the website.';
    } else if ($_SERVER['PHP_AUTH_USER'] == 'admin' && $_SERVER['PHP_AUTH_PW'] == 'admin'){
        $authenticated = true;
    }

    if (!$authenticated)
    {
        unset($_SERVER['PHP_AUTH_USER']);
        die();
    }
}

如何对特定URL（而不是目录）使用HTTP身份验证

2 个答案: