通过输入URL阻止直接访问网页
[英]Prevent direct access to a webpage by typing the URL
问题描述
So I'm hosting my website (let's call is abc.com ) on goDaddy. 
因此,我在goDaddy上托管了我的网站(我们的电话为abc.com )。
I have a login page ( abc.com/login.html ). 我有一个登录页面( abc.com/login.html )。
Which takes me to a second page called booking ( abc.com/booking.html ) once the login credentials are verified. 验证登录凭据后,将转到第二个页面,称为预订( abc.com/booking.html )。
So I don't want people to be able to just type abc.com/booking.html and access it. 因此,我不希望人们能够输入abc.com/booking.html并进行访问。 I want them to go to abc.com/login.html and then go to abc.com/booking.html 我希望他们去abc.com/login.html ,然后去abc.com/booking.html
So I came across 2 ways to fix this - 所以我遇到了2种解决方法-
- Include a validating php script in booking.html and changing the extension from html to phtml. 在booking.html中包含一个可验证的PHP脚本,并将扩展名从html更改为phtml。 -> This didn't work for me ->这对我不起作用
- Include a .htacess file. 包括一个.htacess文件。 -> I'm not really sure how to do that ->我不太确定该怎么做
3 个解决方案
解决方案1
1 已采纳 2016-05-29 13:02:56
so your login screen should already have session code implemented into it that has a variable that specifies if the user is logged in or not. 因此您的登录屏幕上应该已经实现了会话代码,该会话代码具有一个变量,该变量指定用户是否登录。 If you don't have that implemented yet, the code would look similar to: 如果尚未实现,则代码将类似于:
<?php session_start();//at the very top of the page
?>
//... your own code
//if the user successfully logs in then:
$_SESSION['authenticated']=true;
Then on the booking.php page (it should be php to allow php scripts which is super important for validating if a user is logged in), you would then check if the user did log in. If he did, the rest of the page loads, if he didn't, you would redirect them to login.php: 然后在booking.php页面上(应该是允许使用php脚本的php,这对于验证用户是否登录非常重要),然后您将检查用户是否已登录。如果已登录,页面的其余部分加载,如果他没有加载,则将它们重定向到login.php:
at the very top of booking.php: 在booking.php的最上方:
<?php session_start();
if (!isset($_SESSION['authenticated']))
{
//if the value was not set, you redirect the user to your login page
header('Location https://www.example.com/login.php');
exit;
}
else
{
//if the user did login, then you load the page normally
}
解决方案2
0 2016-05-29 12:42:39
- Use $_SESSION or 使用$ _SESSION或
- Pass a variable from login.php to booking.php. 将变量从login.php传递到booking.php。 And then authenticate every user based on the variable passed using the $_POST method. 然后根据使用$ _POST方法传递的变量对每个用户进行身份验证。
eg. 例如。
if (!isset($_POST['auth'])) {
// redirect user back to login page
} else {
// successful login
}
解决方案3
0 2016-05-29 13:01:20
You can do it like 你可以像
rename extensions of all pages where you want this authentification 重命名您要进行身份验证的所有页面的扩展名
eg 例如
login.html >> login.php
booking.html >> booking.php
booking-suceess.html >> booking-success.php
create one script namely auth.php with following code 使用以下代码创建一个脚本即auth.php
<?php
session_start();
if(!isset($_SESSION['username'])){
header("location:login.php");
}
?>
In login.php add session 在login.php中添加会话
$_SESSION['username'] = $_POST['username'];
Now you can add auth.php in any php page where you want login compulsory as follow : 现在,您可以在要强制登录的任何php页面中添加auth.php ,如下所示:
include ('auth.php');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.