如何防止通过URL直接访问php页面
[英]How to prevent direct access to php pages through URL
问题描述
I have index.php that include pages like 
我有index.php,包括像
<?php
define('MyConst', TRUE);
include_once('template/header.php');
if (!empty($_GET['action'])) {
$action = $_GET['action'];
$action = basename($action);
include("template/$action.php");
} else {
include("template/main.php");
}
include_once('template/footer.php');
?>
With in a template directory I have main.php which has link to other pages like page1.php, page2.php. 在模板目录中,我有main.php,它有链接到其他页面,如page1.php,page2.php。
<a href="?action=page1">Goto page 1</a>
<a href="?action=page2">Goto page 2</a>
How could I prevent users form accessing pages directly typing " http://mydomain.com/?action=page1 " on the URL? 如何阻止用户直接在URL上输入“ http://mydomain.com/?action=page1 ”来访问页面? And redirect them to main.php if they have done it? 并将它们重定向到main.php,如果他们已经完成了吗?
5 个解决方案
解决方案1
1 2013-09-26 12:45:04
You can not. 你不能。 What you want is simply not possible. 你想要的是根本不可能的。
For the server side there is no way to know whether an URL is typed or clicked. 对于服务器端,无法知道是否键入或单击了URL。
解决方案2
1 2013-09-26 12:52:01
If I understand correctly, the thing you want is to prevent the user to access http://example.org/?action=page1 unless they came from http://example.org/?action=main . 如果我理解正确,您想要的是阻止用户访问http://example.org/?action=page1除非他们来自http://example.org/?action=main 。 To do that, you must be able to detect whether they came from http://example.org/?action=main . 为此,您必须能够检测它们是否来自http://example.org/?action=main 。 The safest way to do that is to generate some random value that you associate to the users when they access http://example.org/?action=main and to check whether there is a correct value associated to the users when they want to access http://example.org/?action=page1 . 最安全的方法是生成一些随机值,当用户访问http://example.org/?action=main时,这些值与用户关联,并检查用户是否有与用户关联的正确值访问http://example.org/?action=page1 。 If not, they tried to access that page directly. 如果没有,他们试图直接访问该页面。
解决方案3
0 2013-09-26 12:45:03
检查HTTP_REFERER,如果它没有指向正确的值(如你的meny页面),那么重定向用户。
解决方案4
0 2013-12-17 03:48:21
Maybe you can try this, On your index.php : 也许你可以试试这个,在你的index.php上:
session_start();
if(! isset($_GET['action']))
{
$_SESSION['pageAccess'] = true; # Set the key whatever you want
}
then under that script (we need that session_start() used twice) : 然后在那个脚本下(我们需要两次使用session_start()):
if(isset($_GET['action']))
{
if(! isset($_SESSION['pageAccess']) || ! $_SESSION['pageAccess'])
exit('There is no direct access allowed.');
}
Hope this help, have a nice day. 希望这有帮助,祝你有个美好的一天。
解决方案5
0 2014-08-19 03:22:49
As per your Question: 根据你的问题:
There are two approaches that you can follow: 您可以遵循两种方法:
- Use
HTTP_REFFRERand check on desired page if User is coming from the page u wanted.如果用户来自您想要的页面,请使用HTTP_REFFRER并检查所需的页面。 IF he is accessing the direct URL then show him error page.如果他正在访问直接URL,则显示错误页面。 - Use
$_SESSIONbut this approach can be harmful asSESSIONwill always be there untill browser / instance closed.使用$_SESSION但这种方法可能有害,因为SESSION将一直存在,直到浏览器/实例关闭。
So better to go for 1st approach. 第一种方法更好。 And also as per Pehaa, you can not check id URL is typed 而且根据Pehaa,您无法检查ID URL是否已键入
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.