PHP 5 - Securing an admin area of a site

Question


I'm currently writing a couple of MVC sites using Kohana as my framework. Each has a simple admin area where the admin can upload and edit content. I'm currently storing the admin's user model in a session and checking whether or not they're an administrator with the following method:

private function checkAdmin()
{
    if (!isset($_SESSION['admin']) || $_SESSION['admin']->Level !== 'admin')
    {
        header('Location: /admin');
        exit;
    }
}


I call this method in all of the other Admin controller methods, like so:

public function writeReview()
{
    $this->checkAdmin();

    // rest of the method
}

I'm just wondering if there's anything I can do to improve this. It just seems like a single point of failure that's giving me a bad smell, so I'm a bit wary to move on before getting this nailed down.

Recommended answer


  1. Your function appears to be redirecting to /admin only if the user is not an administrator. If that's the intended result, then fine.

- Never mind, my mistake.


The checkAdmin() function, as it relies on a redirect, is only useful in situations where you want to redirect. If, for example, you are using this in the processing script (and you should be checking if it's an administrator in the processing script), you just want a return true or return false. I suggest that be the base function, and have a redirect function call that, or alternatively, accept an optional parameter to redirect.
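The split the answer describes, written out as an added example (not code from the question, the answer, or Kohana): a pure boolean predicate that processing scripts can call, and a wrapper that redirects only when asked to. The `$_SESSION['admin']->Level` layout is taken from the question; the class and method names are hypothetical.

```php
<?php
// Added example: separates "is this an admin?" from "what to do if not".
// Assumes the session shape from the question: $_SESSION['admin'] is an
// object whose Level property equals 'admin' for administrators.

class AdminAccess
{
    /** Pure check with no side effects: true only for a logged-in admin. */
    public static function isAdmin(): bool
    {
        return isset($_SESSION['admin'])
            && is_object($_SESSION['admin'])
            && isset($_SESSION['admin']->Level)
            && $_SESSION['admin']->Level === 'admin';
    }

    /**
     * Request gate. With $redirect = true (page controllers) a non-admin is
     * sent to the login page and the script stops. With $redirect = false
     * (processing or AJAX scripts) the caller gets false, the response is
     * marked 403, and the caller decides how to abort.
     */
    public static function requireAdmin(bool $redirect = true): bool
    {
        if (self::isAdmin()) {
            return true;
        }
        if ($redirect) {
            header('Location: /admin', true, 303);
            exit;
        }
        http_response_code(403);
        return false;
    }
}

// Page controller (hypothetical), equivalent to the original checkAdmin():
//   public function writeReview() { AdminAccess::requireAdmin(); /* ... */ }

// Processing script: a client can ignore a Location header, so the check
// must stop execution before any upload or edit is performed.
//   if (!AdminAccess::requireAdmin(false)) { exit('Forbidden'); }
```

Because isAdmin() has no side effects, it can also be unit-tested by setting $_SESSION directly, which the original redirect-and-exit version cannot.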
