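I've seen this question asked many times, though not here on SO. All of the answers up to this point say to use credentials in javascript (and we all know that client-side credentials are not how you do authentication :)

The scenario is that I want to control access to a certain page on my blog, until I release it to everyone. I have my own domain, so I can host php scripts. I've already tried Blogger's reader filter. It's a great feature, but it's a real pain for readers who don't have a Gmail account.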

1 Answer

Here's my solution (it uses Javascript, but there is no validation of the user and password on the client). It's a hack, but I have other fish to fry and miles to go before I eat.

 The initial page call is this:
    http://YOUR.DOMAIN.COM/manager.php?p=login
 That prompts for the username and password 
        - ala this: http://www.php.net/manual/en/features.http-auth.php
 After login some encryption is done on an authentication cookie 
        - ala this: http://php.net/manual/en/function.mcrypt-decrypt.php
        -  or this: http://php.net/manual/en/function.openssl-decrypt.php
 The cookie is set
        - ala this: http://www.php.net/manual/en/function.setcookie.php
 And then the php file calls this present page via the following 
        - header('Location: http://YOUR2.DOMAIN.COM/p/page.html');
 * YOUR2.DOMAIN.COM points to blogger; the page is this file here which will grab the file data and insert it into a div on the page
        - see info here: http://support.google.com/blogger/bin/static.py?hl=en&ts=1233381&page=ts.cs
 Based on the param and confirming that the cookie is valid, manager.php gets the real file data and sends it out
        - ala this: http://php.net/manual/en/function.file-get-contents.php

Just drop the following into a blank Blogger page. Be careful to replace the instances of YOUR.DOMAIN.COM.

<script type="text/javascript" src="http://YOUR.DOMAIN.COM/scripts/jquery-1.8.3.min.js"></script>
<script type='text/javascript'>
 var $pageUrl = "http://YOUR.DOMAIN.COM/manager.php?p=page1"; // so cool how you could setup your own domain!

 function doInitStuff()
 {
    if ($alreadyInited) return; 
    $alreadyInited = true;
    // a little hack - because though I said share cookies among (*) ".DOMAIN.COM" it wasn't getting sent
    // although it's obviously there since we get it here on YOUR2.DOMAIN.COM (originally set on YOUR.DOMAIN.COM)
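    // document.cookie looks like "a=b; c=d": turn it into "a=b&c=d" so each cookie arrives as its own $_GET parameter
    var $cookies = document.cookie.replace(/;\s*/g, '&');

    var $result = $.ajax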
    ({
        type: "GET",
        url: $pageUrl,
        dataType: 'json', // or whatever
        async: false, // force this to complete before moving on (should be quick though - since already logged in)
        //   username: 'username', // would get these from a prompt/html form - but should have already gone directly to the site to authenticate
        //   password: 'password', // did it that way, because wasn't able to get the u/p to be properly sent... this new way is better anyway
        data: $cookies, // send along the cookies - they should show up in $_GET
        success: function (result, status, jqXHR){
            // good - but for some reason wasn't getting result - just move on...
        },
        error: function (){
            // not good
        }
    });

    if ($result.status == 200)
    {
        // insert our data into our nice Div
        $('#realpageinfo').html($result.responseText);
    }

    // grrrrrr. ie strikes again! use iframes instead
    var isMSIE = eval("/*@cc_on!@*/!1");
    if ($('#realpageinfo').html() == '' || isMSIE)
    {
        //$('#realpageinfo').replaceWith("<div id='realpageinfo' style='font-weight:bold;color:red'>Internet Explorer? Sorry, but please use a different Browser.</div>");
        $('#realpageinfo').replaceWith("<div id='realpageinfo'><iframe id='realpageframe' style='width:100%;height:700px' src='" + $pageUrl + "'></iframe></div>");
    }
 }

 // Don't mind this - multiple ways to ensure the main worker function is called
 var $alreadyInited = false;
 $(document).ready(function() { doInitStuff(); });
 window.addEventListener('DOMContentLoaded',function() { doInitStuff(); });

</script>

<div id='realpageinfo'></div>

Now the server side

<?php
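    $cookieName = 'my_auth_cookie';
    $loggedInCookieVal = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : null;

    if (!isset($loggedInCookieVal))
    {
            // was it passed in instead of coming through the Cookie channel?
            $loggedInCookieVal = isset($_GET[$cookieName]) ? $_GET[$cookieName] : null;
    }

    // placeholders: to be set by the decrypt and credential-check steps described in the comments below
    $cookieValsDecrypted = false;
    $matched = false;

    // if $loggedInCookieVal is set, decrypt it and pull username + pwd from it - if succeeds, set $cookieValsDecrypted
    // otherwise see if the user just sent them back in response to a challenge

    // these are empty before login - and set in response to the challenge
    $curUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
    $curPswd = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;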

    if (!$cookieValsDecrypted && (!isset($curUser) || !isset($curPswd)))
    {
        // ask the user to authenticate (again if have to)

        header('WWW-Authenticate: Basic realm="YOUR.DOMAIN.COM"');
        header('HTTP/1.0 401 Unauthorized');

        echo "You gotta login bud - but you canceled instead";

        exit;

    } else {

        // check $curUser and $curPswd against a db or .htpasswd file, etc - or check $cookieValsDecrypted

        // if all good then send the file
        if ($matched)
        {
            switch($_GET['p'])
            {
                case 'login': // just came here to login - now done, go on to the real page that pulls the value
                    header('Location: http://YOUR2.DOMAIN.COM/p/page.html');
                break;

                case 'page1':
                    echo file_get_contents ('./page1.txt'); // show the date
                break;
            }
        } else {
            // else send the auth request again
            header('WWW-Authenticate: Basic realm="YOUR.DOMAIN.COM"');
            header('HTTP/1.0 401 Unauthorized');

            echo "Try something else, maybe";
        }
    }
?>

That's it... feel free to improve on it. See it in action at ClyntonCaines.Com.

answered 2013-03-19T05:45:00.130
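
The answer leaves the "encrypt the authentication cookie" and "decrypt it and check it" steps as comments. The following is an added example, not code from the answer, showing one way to fill them in with `openssl_encrypt`/`openssl_decrypt` in AES-256-GCM mode (PHP 7.1 or later). Assumptions: the names `issue_token`, `verify_token` and `TOKEN_TTL` are hypothetical, the key is a 32-byte secret kept on the server, and the payload carries the username plus an expiry time rather than the username and password.

```php
<?php
// Added example: names, TTL and key handling are assumptions, not the answer's code.
const TOKEN_TTL = 3600; // seconds a login stays valid (assumed value)

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt = strtr($txt, '-_', '+/');
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore padding
    return base64_decode($txt, true); // false on characters outside the alphabet
}

// Cookie value = base64url(nonce || tag || ciphertext); the payload holds no password.
function issue_token(string $user, string $key, int $now): string {
    $nonce = random_bytes(12);
    $plain = json_encode(['u' => $user, 'exp' => $now + TOKEN_TTL]);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return b64url_encode($nonce . $tag . $ct);
}

// Returns the username, or null when the token is malformed, tampered with or expired.
function verify_token(string $token, string $key, int $now): ?string {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) < 29) { // 12-byte nonce + 16-byte tag + data
        return null;
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        return null; // authentication tag did not verify
    }
    $claims = json_decode($plain, true);
    if (!is_array($claims) || !isset($claims['u'], $claims['exp']) || $claims['exp'] < $now) {
        return null;
    }
    return (string) $claims['u'];
}

// Constructed demo values: a fresh token, the same token after its lifetime, one altered character.
$key = random_bytes(32);
$now = time();
$token = issue_token('alice', $key, $now);
$bad = $token;
$bad[20] = ($bad[20] === 'A') ? 'B' : 'A';
var_dump(verify_token($token, $key, $now));
var_dump(verify_token($token, $key, $now + TOKEN_TTL + 1));
var_dump(verify_token($bad, $key, $now));
```

In `manager.php`, `issue_token()` would run once the Basic-auth credentials have been checked, with its result passed to `setcookie()`, and `verify_token()` would decide `$matched` on later requests.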