限制直接页面访问 [英] Restrict direct page access
本文介绍了限制直接页面访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
为了保护我正在处理的网站的管理员区域,我制作了一个包含
In attempt of securing an administrator area of a site I'm working on I made an index.php which contains
if (isset($_POST['password']) && isset($_POST['userName'])) {
if($_POST['password']==$pass && $_POST['userName']==$username)
{
header( 'Location: admin.php' ) ;
}
这将重定向到名为admin.php的同一文件夹中的文件.问题是,如果我写localhost/folder/admin.php
,就可以访问该文件.请告诉我如何限制直接访问此页面.访问它的唯一方法应该是从用户名和密码之后的index.php访问.
This redirects to a file in the same folder called admin.php. The problem is that I can access this file if I write localhost/folder/admin.php
. Please tell me how to restrict the direct access to this page. The only way accesing it should be from index.php after username and password.
推荐答案
设置会话变量并在每次有人访问admin.php时进行检查
set a session variable and check it everytimes somebody access admin.php
<?php
if (isset($_POST['password']) && isset($_POST['userName'])) {
if ($_POST['password'] == $pass && $_POST['userName'] == $username) {
if (!session_id())
session_start();
$_SESSION['logon'] = true;
header('Location: admin.php');
die();
}
?>
和
//admin.php
if (!session_id()) session_start();
if (!$_SESSION['logon']){
header("Location:index.php");
die();
}
这篇关于限制直接页面访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文