PHP中重定向页面中的授权控制
[英]Authorization control in redirected page in php
问题描述
I have a simple controller which shows confirmations to be approved.When the users press register button confirmation page is shown. 
我有一个简单的控制器,其中显示要批准的确认。当用户按下注册按钮时,将显示确认页面。
But when users enter url as ..../confirmation without registering , the page is shown. 但是,如果用户在未注册的情况下将URL输入为.... / confirmation,则会显示该页面。 I dont want it to be shown without registering. 我不希望不注册就显示它。
in asp.net mvc4 this can be done with ChildActionOnly anotation. 在asp.net mvc4中,可以使用ChildActionOnly注释来完成。
Is it possible? 可能吗?
3 个解决方案
解决方案1
0 2013-09-26 09:09:47
First make sure you have the session started: 首先确保您已开始会话:
<?php session_start(); ?>
OK, this seems to be quite simple - after registration, and before you redirect a user to the confirmation page, do something like this (this is pseudo-code naturally). 好的,这似乎很简单-在注册之后,以及在将用户重定向到确认页面之前,请执行以下操作(这自然是伪代码 )。 Let's say the $user->registered() returns TRUE/FALSE as a result of registration, and $user->hasConfirmedRegistration() returns TRUE/FALSE as a result of reistration confirmation. 假设$ user-> registered()作为注册结果返回TRUE / FALSE,而$ user-> hasConfirmedRegistration()作为注册确认结果返回TRUE / FALSE。 So you should do something like: 因此,您应该执行以下操作:
//this should be in your registration controller/function, i.e. /users/register
if ($user->registered()) {
$_SESSION['showConfirmation'] = TRUE;
}
Then you should put this in the beggining of your function, to prevent showing your confirmation page to non-registered users. 然后,应将其放在功能的开头,以防止向未注册用户显示确认页面。
//This should be in your confirmation controller/function,
//i.e. /users/confirm_registration:
//if user has not registered, do not show the page
if (! $_SESSION['showConfirmation']) {
header('Location: /'); // redirect to main page
return;
}
// -- enter code that handles storing confirmation, handling $_GET/$_POST etc. --
//then unset session variable, which is no longer needed
if ($user->hasConfirmedRegistration()) {
unset($_SESSION['showConfirmation']);
}
解决方案2
0 2013-09-26 09:09:49
I dont fully understand what you're trying to achieve without seeing your code. 我没有完全看到您的代码就无法完全理解您要实现的目标。 But it sounds like you dont want someone to beable to access a specific page without performing an action first. 但这听起来好像您不希望某人无需先执行操作即可访问特定页面。
Something like this might help you. 这样的事情可能会帮助您。
<?php
session_start();
if(!session_is_registered(somesessionamehere)){
header("location:form.php");
}
?>
Register a session when the user submits the form, then when they go to that page it checks to see if the session is registered. 当用户提交表单时注册会话,然后当他们转到该页面时,它将检查会话是否已注册。 If it isn't then it redirects to the previous page. 如果不是,则重定向到上一页。
Have a look at this URL for a login based example: http://www.phpeasystep.com/phptu/6.html 查看此URL,以获取基于登录的示例: http : //www.phpeasystep.com/phptu/6.html
解决方案3
0 2013-09-26 09:11:02
As I understand, you need to check, on your confirmation page, that the user has just send registration data. 据我了解,您需要在确认页面上检查用户是否刚刚发送了注册数据。
For example, if you have an input field named "login" in your form, you can check the presence and value of "login" in either $_REQUEST , $_POST or $_GET , depending on your form "method" attribute. 例如,如果您的表单中有一个名为“ login”的输入字段,则可以根据表单的“ method”属性来检查$_REQUEST , $_POST或$_GET中“ login”的存在和值。 If it's not there, the form has not been posted and you can assume that the user just entered the URL. 如果不存在,则该表单尚未发布,您可以假定用户只是输入URL。 You can redirect him to the login page. 您可以将他重定向到登录页面。
<form method="post" action="/confirmation">
<input type="text" name="login" />
[...]
<input type="submit" />
</form>
<?php
if (!isset($_POST["login"])) {
// redirect
header("HTTP/1.0 302 Found");
header("Location: /login");
return;
}
// show confirmation
// [...]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.