PHP中的重定向/返回检查 [英] Redirection / Return Check in PHP

问题描述

我有一个用 PHP 运行的网站，我有一个页面(比如 confirm.php)

I have a website running in PHP and I have a page (say confirm.php)

而且我只想让登陆到 confirm.php 的用户来自我指定的页面(例如 register.php)，我知道有可能实现吗?

And I only want to allow the users who land to confirm.php comes from a page that I specified (e.g. say register.php), may I know is it possible to achieve this?

问候，安迪.

推荐答案

你不能依赖 HTTP REFERER，因为用户可以操纵它而浏览器可以拒绝发送它.

You can not rely on the HTTP REFERER because users can manipulate it and browsers can refuse to send it.

唯一安全"的方法是在 register.php 上设置会话变量并检查该变量是否在 confirm.php 上设置.像这样:

The only "secure" way would be to set a session variable on register.php and check if that variable is set on confirm.php. Something like this:

注册.php:

session_start();
$_SESSION['valid_user'] = true;

confirm.php:

confirm.php:

session_start();
if(!isset($_SESSION['valid_user'])) {
    die("You did not come from the page i specified!");
}

然而，如果最新的页面是 register.php，这不会考虑，但用户已经在 register.php.

However, this will not take into account if the latest page was register.php, BUT that the user have been on register.php.

因为 HTTP 是无状态的，所以您需要在服务器级别对此进行跟踪.如果您没有可以跟踪所有浏览量的经过身份验证的用户，这将很难实现.您真的需要它有多安全?

Because HTTP is stateless, you need to keep track of this at the server level. If you don't have a authenticated user for which you can track all pageviews, this is going to be very hard to implement. How secure do you really need it to be?

这篇关于PHP中的重定向/返回检查的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！