How to prevent access of admin pages by knowing the admin page url?


Question

If someone knows my url of the admin page such as www.example.com/admin.php, then they will easily access the page by directly accessing that url. How to restrict this? Please help.

Recommended answer

You should never make the admin section public. You can't rely on obscurity for this, authorisation is the way to go. You can do this by using .htaccess, as described here, or by relying on PHP. A crude example follows below.

Below is a simple login implementation. If the password is correct it will allow the user to go to admin.php. You should read the PHP manual on sessions though, because the session header should be present on every page behind the login page. The password handling could be handled more securely as well.

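<?php
  // Use the same session name on every page that sits behind the login.
  session_name('MyAdminSession');
  session_start();

  if (isset($_POST['userid']) && isset($_POST['password'])) {
    $userid = $_POST['userid'];
    // Crude: unsalted md5 with hard-coded credentials, kept only as a placeholder.
    $password = md5($_POST['password']);

    // Strict comparison so PHP does not type-juggle the hash strings.
    if ($userid === 'myusername' && $password === md5('mypassword')) {
      // Issue a fresh session ID at login to prevent session fixation.
      session_regenerate_id(true);
      $_SESSION['logged_in'] = true;
      header('Location: admin.php');
      exit;
    }
  }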
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl">
  <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title>My login page</title>
  </head>
  <body>
    <form action="index.php" method="post">
    <label for="userid">Username: </label><br />
    <input name="userid" type="text" id="userid" /><br />
    <label for="password">Password: </label><br />
    <input name="password" type="password" id="password" /><br />
    <p><input type="submit" name="submit" class="button" value="Log In" /></p>
    </form>
  </body>
</html>
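
Added example (not part of the original answer): a shared include, here given the hypothetical name auth.php, that puts the session check on every page behind the login and replaces md5() with password_hash()/password_verify(). The function names and the $users array layout are assumptions, and the session_start() options used require PHP 7.3 or later.

```php
<?php
// auth.php (hypothetical name): added example, required at the top of every admin page.

const ADMIN_SESSION_NAME = 'MyAdminSession'; // must match the login page
const LOGIN_PAGE = 'index.php';              // the login form from the answer

function start_admin_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_name(ADMIN_SESSION_NAME);
    session_start([
        'cookie_httponly' => true,  // cookie not readable from JavaScript
        'cookie_samesite' => 'Lax', // not sent on cross-site POSTs
        'use_strict_mode' => true,  // refuse session IDs the server did not issue
    ]);
}

// Call before any output on admin.php and every other protected page.
function require_login(): void
{
    start_admin_session();
    if (($_SESSION['logged_in'] ?? false) !== true) {
        header('Location: ' . LOGIN_PAGE);
        exit; // without this the rest of the admin page would still execute
    }
}

// $users maps user id => hash made once with password_hash() and stored (assumed layout).
function log_in(string $userid, string $password, array $users): bool
{
    start_admin_session();
    $hash = $users[$userid] ?? null;
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // new session ID once the user is authenticated
    $_SESSION['logged_in'] = true;
    return true;
}

// admin.php then starts with:
//   require __DIR__ . '/auth.php';
//   require_login();
// and the login page calls, with a constructed sample user:
//   $users = ['myusername' => password_hash('mypassword', PASSWORD_DEFAULT)];
//   if (log_in($_POST['userid'], $_POST['password'], $users)) { header('Location: admin.php'); exit; }
```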
