仅允许已登录的用户查看托管在同一服务器和域上的外部html站点(在子文件夹中)
I have a PHP site (site A, CakePHP 2.3) with its own login system. Then I have another "site" (it's actually an html generated ebook with its own index.html) in the same server, but on a different folder, let's call it site B.
I'm trying to allow only users that have a valid session on site A (have logged in with valid credentials) to view that ebook (access that index.html file). The main idea behind this is to prevent users from directly sharing site B's URL.
This would be easy if I could check the user's session on Site A from Site B, I could just check the $_SESSION variable, but that's not possible.
What's the simplest way to accomplish this? While not preferably, it's okay if I have to edit that index.html file from site B to add any code that could help with this.
One way I thought about was to do some javascript redirect from site A to site B that includes a POST variable, if the variable doesn't exist, then nothing is shown. This would require adding some php on that index.html on site B but I'm not sure it's the best solution, I wonder if there's something better.
Also, I have 100s of these ebooks so if it's something I can apply massively it would be much better.
EDIT:
For clarification, both sites are in the same server and have same "domain". To open site B I use a symlink from site A. For example:
Site A URL: http://example.com
Site B URL: PHP Redirect from site A to '/symlink/to/siteB/location/') which in practicality takes user to http://example.com/symlink/to/siteB/location/
我有一个PHP站点(站点A strong>,CakePHP 2.3),它有自己的登录系统 。 然后我在同一台服务器上有另一个“网站”(它实际上是一个带有自己index.html的html生成的电子书),但是在另一个文件夹上,我们称之为网站B strong>。 p> \ n
我正在尝试仅允许在网站A上具有有效会话的用户 strong>(使用有效凭据登录)来查看该电子书(访问该index.html文件)。 这背后的主要思想是阻止用户直接共享站点B的URL。 p>
如果我可以从站点B检查站点A上的用户会话,这很容易,我可以检查一下 $ _SESSION变量,但这是不可能的。 p>
实现这一目标的最简单方法是什么? 虽然不是优选的,但是如果我必须编辑来自站点B的index.html文件以添加任何可能有助于此的代码,这是可以的。 p>
我想到的一种方法是做一些 javascript重定向 strong>从站点A到站点B,其中包含 POST变量 strong>,如果该变量不存在,则不会显示任何内容。 这需要在站点B上的index.html上添加一些php,但我不确定它是最好的解决方案,我想知道是否有更好的东西。 p>
此外,我有100个这些 电子书,所以如果我能够大量应用它会更好。 p>
编辑: strong> p>
为了澄清,两者都是 站点位于同一服务器中并具有相同的“域”。 要打开站点BI,请使用站点A的符号链接。例如: p>
站点A URL: http://example.com p> li>
站点B URL:PHP从站点A重定向到'/ symlink / to / siteB / location /')实际上将用户带到 http://example.com/symlink / to / siteB / location / p> li>
ul>
div>
Create a proxy
I would use .htaccess to redirect any url pointing to pages in the book to a custom action in the CakePHP application.
This action checks for credentials and if OK then reads from disk the actual requested file and sends it to the browser. Do not redirect back or you will cause a redirect loop!
Of course you need to create a redirect that passes the original requested page as a parameter so you know what file to read.
Granted this is not supper efficient but it works. I had to solve the exact same issue in an old project.
Notes
Make sure your .htaccess rules only intercept/redirect HTML links or else you need to pay attention to setting up proper response headers for CSS or Image files.
Example of .htaccess
This needs to be in the ROOT folder of the book
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*html)$ http://[FULL_LINK_TO_CAKE_APP]/proxy/load/$1
</IfModule>
Example of the proxy controller
namespace App\Controller;
/**
* Static content controller
*
* This controller will render a html file
*
*/
class ProxyController extends AppController
{
public function load($file=null){
if( !$file ){
return $this->response->body( "Error: no file specified" );
}
//THIS NEEDS TO RESOLVE THE FULL DISK PATH OF YOUR PROTECTED FILES
$pathToFiles = WWW_ROOT . '/subfolder/';
if( file_exists( $pathToFiles . $file )){
$this->response->body( file_get_contents( $pathToFiles.$file) );
return $this->response;
}
$this->response->body('Could not load the file: ' . $pathToFiles . $file);
return $this->response;
}
}
Security
Of course I assume you have setup the Auth component correctly in your AppController so the controller above will only execute if the user is logged in!