PHP Cookies重定向到错误的角色
[英]PHP Cookies redirect to wrong role
问题描述
good day... i have some problem here and hopefully someone can help 
美好的一天...我在这里遇到问题,希望有人可以提供帮助
if(isset($_COOKIE['role'])== "admin")
{ echo $_COOKIE['username'];
header("location: admin/adminUI.php");
}
elseif(isset($_COOKIE['role']) == "customer")
{ echo $_COOKIE['username'];
header("location: customer/customerUI.php");
}
the cookies right in PHP i set this earlier 我在PHP中设置了Cookie,
setcookie ("username", $username, time()+3600,"/");
setcookie ("role", $role, time()+3600,"/");
but either i choose the role = admin or customer, the header will also redirect to admin page... may i know what is the problem? 但是我选择角色= admin还是客户,标题也将重定向到管理页面...我可能知道这是什么问题?
thanks 谢谢
4 个解决方案
解决方案1
0 已采纳 2013-05-25 13:41:27
If output anything before the header() directive, like you're doing with echo, the redirect won't work at all. 如果在header()指令之前输出任何内容(如对echo所做的操作),则重定向将根本无法进行。 You need to remove the echo so that redirect you're specifying in the header works. 您需要删除回显,以便您在标头中指定的重定向有效。
Also, isset() only checks if a variable is set , not if it equals another string . 同样,isset()仅检查是否设置了变量,而不检查它是否等于另一个字符串 。 Therefore, this check: 因此,此检查:
if(isset($_COOKIE['role'])== "admin")
is wrong, and should be changed to something like: 是错误的,应更改为:
if(isset($_COOKIE['role']) && $_COOKIE['role'] == "admin")
Finally, as mentioned, you should never ever ever base checking of priviledges depending on the value of a cookie, as these can be changed by the users using simple client side tools. 最后,如上所述,您永远都不应根据cookie的值对特权进行基础检查,因为用户可以使用简单的客户端工具来更改这些特权。 Use sessions instead. 请改用会话。
Check the PHP session handling page for more info: 检查PHP会话处理页面以获取更多信息:
http://www.php.net/manual/en/book.session.php http://www.php.net/manual/zh/book.session.php
Here's a relatively straightforward example of how to authenticate users in PHP, using sessions and a MySQL database: 这是一个相对简单的示例,说明如何使用会话和MySQL数据库在PHP中对用户进行身份验证:
http://www.phpeasystep.com/phptu/6.html http://www.phpeasystep.com/phptu/6.html
解决方案2
0 2013-05-25 13:43:50
First, trusting a cookie -- which is easily edited by a user -- is like hanging the key to your apartment on you front door in plain sight. 首先,信任Cookie(用户可以轻松地对其进行编辑)就像将公寓的钥匙挂在前门上一样清晰可见。 It's kinda worse than having no security at all. 这比根本没有安全性还差。
That said, you shouldn't echo before header() (at least not without output buffering). 就是说,您不应在header()之前echo (至少在没有输出缓冲的情况下)。 Read the notes in the header() documentation . 阅读header()文档中的注释 。 Also, echoing anything before redirect is meaningless. 同样,在重定向之前回显任何内容都是没有意义的。
Last, but not least, the isset() issue, as Filippos beat me to it. 最后但并非最不重要的一点是isset()问题,因为Filippos击败了我。
解决方案3
0 2013-05-25 13:43:57
It is not advisable to use COOKIE is such cases. 在这种情况下,建议不要使用COOKIE。 A more better approach would be to use SESSION variables. 更好的方法是使用SESSION变量。 Also there is not point of using echo as you are redirecting in the very next statement. 另外,在下一条语句中进行重定向时,没有必要使用echo。 Last but not the least, you cannot use '==' with isset function. 最后但并非最不重要的一点是,不能与isset函数一起使用'=='。
Go through this Isset Function 通过此Isset函数
解决方案4
0 2013-05-25 13:44:53
This right code: 正确的代码:
if(isset($_COOKIE['role'])&&$_COOKIE['role']== "admin")
{
header("location: admin/adminUI.php");
}
elseif(isset($_COOKIE['role'])&&$_COOKIE['role'] == "customer")
{
header("location: customer/customerUI.php");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.