Needing guidance on how to redirect a user if not logged in on admin panel

Problem description

At the moment I have an extremely basic admin login system. I am able to log in through my admin_login.php page, which has a script from my login.php page. I can update records from the admin_control_panel.php. My main concern is the fact that anyone can type these URLs straight into the address bar and bypass the login procedure.

My code at the moment isn't based around security (I am just trying to get all my basic functionality and features up and running, I will then focus on security).

I know that I have to use sessions to track if the user is logged in or not, but I am becoming a bit confused as to where I will implement these sessions.

My questions are: What pages do I include the code in? Where on the pages do I include these sessions? And what do I include in these files?

What I want is to be able to redirect the user back to the login page if they are not logged in.

admin_login.php

<?php 

$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';

$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db('x');

?>

<html>

<head>
<link rel="stylesheet" type="text/css" href="css/master.css">
</head>

<body>

<form method="post" action="login.php">

User:<input name="username" type="text">
Pass:<input name="password" type="password">

<input name="submit" type="submit" value="Submit">

</form>

</body>

</html>

login.php

<?php

$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';

$con = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $con )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db('x', $con);

$query = "SELECT username FROM members ".
         "WHERE username=\"$_POST[username]\" ".
         "AND password = \"$_POST[password]\"";

$result = mysql_query($query, $con);         

mysql_data_seek($result, 0);

if (mysql_num_rows($result) == 0)
    header("Location: admin_login.php");
 else   
    header("Location: admin_control_panel.php");
?>

admin_control_panel.php

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 3</title>
</head>

<body>

<?php

include('./upload.html');

?>

</body>

</html>

Thanks.

Recommended answer

The best way to do that is with sessions. In login.php, do something like this:

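if (mysql_num_rows($result) == 0) {
    // No matching user: back to the login form.
    header("Location: admin_login.php");
    exit;
} else {
    // Start the session and record the user before redirecting.
    session_start();
    $_SESSION['user'] = $_POST['username'];
    header("Location: admin_control_panel.php");
    exit;
}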

Now in admin_control_panel.php, at the top of the file, just add this PHP code to check if $_SESSION['user'] exists.

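<?php
// Must run before any output; without it $_SESSION is not loaded for this request.
session_start();
if (! isset($_SESSION['user'])) {
  header("Location: admin_login.php");
  // Stop here so the rest of the page is not sent along with the redirect.
  exit;
}
?>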

Basically, with this code you will create a session with user data if the login is correct. If it's not, he will by default get redirected to the login page. Now when someone tries to access the admin_control_panel page, we will first check if the session is set. If it's true, he can access the page; if not, he will get redirected to the login.

For more, read about sessions: PHP.net Session manual and w3schools.com Session manual

*Note: To log out, you gotta destroy the session; to do that, use the session_destroy(); function.
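
One way to keep the session check in a single place and include it at the top of every admin page, as an added example that is not part of the original question or answer. The file name auth.php, the function names, the PDO connection and the assumption that members.password stores a password_hash() value are all hypothetical; the example also goes beyond the answer by replacing the interpolated query in login.php with a bound parameter.

```php
<?php
// auth.php (hypothetical file name): shared by login.php and every admin page.

function start_admin_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Must run before any output so the session cookie header can be sent.
        session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);
    }
}

// Guard for protected pages such as admin_control_panel.php.
function require_login(): void
{
    start_admin_session();
    if (!isset($_SESSION['user'])) {
        header('Location: admin_login.php');
        exit; // without this the rest of the page is still sent to the client
    }
}

// Called from login.php. Assumes members.password holds a password_hash() value.
function log_in(PDO $db, string $username, string $password): bool
{
    // Bound parameter instead of interpolating $_POST into the SQL string.
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    start_admin_session();
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['user'] = $username;
    return true;
}

function log_out(): void
{
    start_admin_session();
    $_SESSION = [];   // clear data for the rest of this request
    session_destroy(); // remove the server-side session record
}

// First lines of admin_control_panel.php:  require 'auth.php'; require_login();
// In login.php:  $ok = log_in($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
//                header('Location: ' . ($ok ? 'admin_control_panel.php' : 'admin_login.php'));
//                exit;
```

Every page that must not be reachable by typing its URL gets the `require_login()` call before any HTML is output; admin_login.php itself does not.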
