Question

有没有办法可以将cookie值与我htaccess中保存在数据库中的字符串进行比较。？字符串是每次用户登录时生成的随机密钥。

我希望它像这样

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_COOKIE} !CookieName=Some-Cookie-Value-Script.php [NC] 
RewriteRule .* http://www.example.com/login.php [L]

// How do I check if CookieName value is equally to the one in the database 
// returned by Some-Cookie-Value-Script.php

请帮助，我已经尝试过谷歌和SO，没有幸运，

Answer 1

您无法在.htaccess中执行数据库查找（使用PHP）以获取要检查的值。 .htaccess在PHP有机会做任何事情之前很久就完成了。

你在.htaccess中可以做的是在内部重写对PHP脚本的所有请求，这些请求执行必要的查找，检查cookie并相应地处理它。类似的东西：

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cookie-check\.php
RewriteRule .* /cookie-check.php [L]

例如......如果您请求/somefile.php，上述指令会将此请求重写为/cookie-check.php。浏览器仍会在浏览器地址栏中显示/somefile.php（这是内部重写，而非外部重定向）。然后，在“cookie-check.php”中，您执行以下操作：

<?php
$cookie = isset($_COOKIE['cookiename']) ? $_COOKIE['cookiename'] : null;
if ($cookie) {
    // The cookie is set, check that it is the expected value...
    // Perform database lookup to get expected cookie value
    $expectedCookie = '<value looked up from DB>';
    if ($cookie == $expectedCookie) {
        // The cookie is set and it is the expected value
        // Check $_SERVER['REQUEST_URI'] for the requested URL and load
        // the page as normal
        // ...

    } else {
        // The cookie exists but it is not the expected value
        // Redirect to "login.php"?
    }
} else {
    // The cookie does not exist at all
    // Redirect to "login.php"?
}

Answer 2

您无法在htaccess文件中执行此操作。您必须重定向到检查cookie值的通用php页面。

Htaccess将cookie名称与数据库中的值进行比较

2 个答案: