PHP除非已登录,否则限制访问管理页面
[英]PHP Restrict Access To Admin Page Unless Logged In
问题描述
I've been thinking about methods for restricting access to admin page. 
我一直在考虑限制访问管理页面的方法。 One of them was using sessions and using the next code section in the admin page: 其中之一是使用会话,并使用管理页面中的下一个代码部分:
if (!isset($_SESSION['is_admin'])) {
header('Location: index.php');
exit;
}
I'd like to know if there's another method for doing it , which is considered more secure. 我想知道是否还有另一种方法可以做到,这被认为更安全。 Every new point of view towards this issue will be considered helpful , thanks in advance. 预先感谢您对此问题提出的每一种新观点。
2 个解决方案
解决方案1
2 已采纳 2014-08-23 22:13:58
Sessions are secure enough (if used properly), what your doing will be fine for 99% of the time. 会话是足够安全的(如果使用得当),在99%的时间内您的工作都会很好。 However, there are other things you can look into, like cookies , which work like sessions but are stored on the users computer and expire at a certain date. 但是,您还可以查看其他内容,例如cookie ,它们的工作方式类似于会话,但存储在用户计算机上并在特定日期过期。 Cookies are cool because they don't expire when the browser is closed, so be careful what you store in them. Cookies很酷,因为它们在关闭浏览器时不会过期,因此请注意存储在其中的内容。 Another thing to consider is SSL . 要考虑的另一件事是SSL 。 If security is your concern you can secure session data with an SSL certificate. 如果您担心安全性,则可以使用SSL证书保护会话数据。 Another thing you could do is password protect an entire directory with Apache or whatever server you're using. 您可以做的另一件事是使用Apache或您使用的任何服务器对整个目录进行密码保护 。
解决方案2
1 2014-08-23 22:11:43
Your code seems to be matching your needs. 您的代码似乎符合您的需求。 I suggest to put your admin environment into a subfolder and protect the folder via .htaccess. 我建议将您的管理环境放入子文件夹并通过.htaccess保护该文件夹。 A lot of webhosts let you do this (protect a folder) even by UI so it could be quite comfortable and is also secure. 许多Web主机都允许您通过UI来执行此操作(保护文件夹),因此它可能非常舒适并且安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.