限制直接页面访问 [英] Restrict direct page access

问题描述

为了保护我正在处理的站点的管理员区域，我制作了一个包含

In attempt of securing an administrator area of a site I'm working on I made an index.php which contains

if (isset($_POST['password']) && isset($_POST['userName'])) {
        if($_POST['password']==$pass && $_POST['userName']==$username)
        {
            header( 'Location: admin.php' ) ;
        }

这会重定向到同一文件夹中名为 admin.php 的文件.问题是，如果我编写 localhost/folder/admin.php，我可以访问这个文件.请告诉我如何限制对这个页面的直接访问.访问它的唯一方法应该是在用户名和密码之后从 index.php 中.

This redirects to a file in the same folder called admin.php. The problem is that I can access this file if I write localhost/folder/admin.php. Please tell me how to restrict the direct access to this page. The only way accesing it should be from index.php after username and password.

推荐答案

设置一个会话变量并在每次有人访问 admin.php 时检查它

set a session variable and check it everytimes somebody access admin.php

<?php
  if (isset($_POST['password']) && isset($_POST['userName'])) {
      if ($_POST['password'] == $pass && $_POST['userName'] == $username) {
          if (!session_id())
              session_start();
          $_SESSION['logon'] = true;

          header('Location: admin.php');
          die();
      }
?>

和

//admin.php 

if (!session_id()) session_start();
if (!$_SESSION['logon']){ 
    header("Location:index.php");
    die();
}

这篇关于限制直接页面访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！