[英]Prevent direct url access in codeigniter
I have made a ecommerce website, where after placing order I redirect users to success page with order number. 我已经建立了一个电子商务网站,在下订单后,我将用户重定向到带有订单号的成功页面。 If order number doesn't exist,then id would be passed.
如果订单号不存在,则将传递ID。 But there is a problem when neither there exist order number nor order id then too success page is showing some previous orders placed if direct url is pasted.
但是,如果粘贴直接URL时,既没有订单号也没有订单ID,那么成功页面也会显示一些先前的订单,这是一个问题。 Eg :
www.mywebsite.com/order/success/5000
, here 5000 doesn't exist so it should redirect me to 404 error page. 例如:
www.mywebsite.com/order/success/5000
,这里不存在5000,所以应该将我重定向到404错误页面。
MY_controller
MY_controller
$order_num = $this->order_model->getOrderNum($order_id);
if(empty($order_num)){
$order_num = $order_id.'/id';
}
$redirect_url = 'order/success/'.$order_num.'/';
?>
<script>
function redirect_success(url) {
location.assign(url);
}
var success = '<?=$redirect_url?>';
redirect_success(success);
</script>
My_Model
我的模型
public function getOrderNum($order_id = ''){
$returnVal = false;
$sql = "SELECT order_num FROM order_table";
$sql .= " WHERE order_id = '{$order_id}'";
$query = $this->db->query($sql);
if($query->num_rows() > 0){
$result = $query->result_array();
$row = $result[0];
$returnVal = $row;
}
return $returnVal['order_num'];
}
One way is to check in the order/success controller whether the page referer is coming from the order/place page. 一种方法是检查订单/成功控制器中的页面引用者是否来自订单/地点页面。
So in order/success, if http_referer header is not set or not from order/place, redirect to 404. 因此,为了顺序/成功,如果未设置http_referer标头,或者未从顺序/位置设置http_referer标头,请重定向至404。
Add in order/success/ controller: 按顺序/成功/控制器添加:
if( !isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], "order/place") === -1 ) {
$this->load->helper('url');
redirect('/page404');
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.