开发者

.htaccess file affecting include files (including images)

开发者 https://www.devze.com 2023-04-06 11:35 出处:网络
I\'m currently trying to use a script that ensures users are logged into a central sign-on system. The problem is that any files, including PHP and image files, in this sub-folder are not accessible

I'm currently trying to use a script that ensures users are logged into a central sign-on system.

The problem is that any files, including PHP and image files, in this sub-folder are not accessible when included, whether simply when using <?php include 'file.php' ?>, just as an image, i.e. <img src="image.png" />, etc.

The code that I am using in the .htaccess file is below:

RewriteEngine on
# The original URL is set as an environment variable SSO_REQUESTED rather than
# a query parameter, so it's not vulnerable to hacking.
# It shows up in PHP as $_SERVER['REWRITE_SSO_REQUESTED'].
RewriteCond %{REQUEST_URI} !ssoclient
RewriteRule (.+) /sso/ssoclientfilter.php [E=SSO_REQUESTED:$1,L]

Any help here would be greatly appr开发者_开发技巧eciated.


If the point of your code is to make sure that your users are logged into a central sign-in system wouldn't the PHP code:

<?php

if (!isset ($_COOKIE[ini_get('session.name')])) {
     session_start();
}else{
     print "<SCRIPT>window.location='/sso/ssoclientfilter.php';</SCRIPT>";
}

In the above code, anyone without a session previously started gets directed to your ssoclientfilter.php and your other images and folders aren't touched. This placed where your session_start() is located should cover your issue.


To use the relative paths for include is pretty bad behavior. You really should set some variable or constant with your document root path in your script. Same for HTML: you should include BASE tag into the header to set the base (root) for relative paths of your images, styles, scripts, etc. Also, could be useful to set RewriteBase in your htaccess.

However, it is strange, that the htaccess affects also php's include which usually uses file system's path, not URI.

0

精彩评论

暂无评论...
验证码 换一张
取 消