一.直接在apache配置配置用户信息
1.apache配置可以参考外部文档
https://developer.aliyun.com/article/5070492.上面配置好在php获取用户信息(登录apache会拦截)
$userName = $_SERVER['PHP_AUTH_USER'];$password = $_SERVER['PHP_AUTH_PW'];二.上面直接用apache配置登录拦截,项目所有的路由都被登录拦截,但是有些路由不希望被登录拦截只能在php做登录拦截
1.apache只管用.htpasswd 配置用户密码就行
2.直接在php用exec来执行验证账号和密码登录,用$_SESSION来记录登录用户
//这里做登录拦截,首页/index会被isLogin登录拦截public function isLogin(){//点击退出登录时if(!empty($_SESSION['logout'])){$this->linkLoginPage();$_SESSION['logout'] = false;exit;}//没有登录成功,重新登录if (!isset($_SERVER['PHP_AUTH_USER'])) {$this->linkLoginPage();exit;} else {$userName = $_SERVER['PHP_AUTH_USER'];$password = $_SERVER['PHP_AUTH_PW'];//如果登录的用户跟之前session的用户一样,就不需要验证了,证明之前已经验证过账号密码了,否则验证登录账号和密码是否正确if(!(!empty($_SESSION['username']) && $_SESSION['username'] == $userName)){exec("htpasswd -vb /etc/httpd/.htpasswd $userName $password",$output,$code);/* 状态码解释(0是成功,1一般可能是文件没有权限,文件/etc/httpd/.htpasswd,文件没权限的话设置apache:chown apache:apache /etc/httpd/.htpasswd或者设置为最高权限:chmod 777 /etc/httpd/.htpasswd):* (* 查看命令来源:whereis htpasswd(例如返回:/usr/bin/htpasswd /usr/share/man/man1/htpasswd.1.gz)* 可以解压看一下/usr/share/man/man1/htpasswd.1.gz命令code说明,解压后里面文件有下面说明:* htpasswd returns a zero status ("true") if the username and password have been successfully added or updated in the \fIpasswdfile\fR\&. htpasswd returns 1 if it encounters some problem accessing files, 2 if there was a syntax problem with the command line, 3 if the password was entered interactively and the verification entry didn't match, 4 if its operation was interrupted, 5 if a value is too long (username, filename, password, or final computed record), 6 if the username contains illegal characters (see the Restrictions section), and 7 if the file is not a valid password file\&.* )** 备注:* 1.在机器直接执行命令是有输出的,但在代码执行我看$output输出是空的* 2.关于exec命令有疑问可以看一下博客:https://blog.itpub.net/8227599/viewspace-934479/*/if($code ===0){$_SESSION['username'] = $userName;}else{$this->linkLoginPage();exit;}}}}public function linkLoginPage(){header('WWW-Authenticate: Basic realm="My Realm"');header('HTTP/1.0 401 Unauthorized');}/** 路由:/logout* 退出登录*/public function logout(){unset($_SESSION['username']);//标记状态$_SESSION['logout'] = true;//跳转回首页,让首页执行重新登录,如果在当前路由执行登录,登录成功还是在当前路由header("location:/index");}
