堆栈内存溢出
  简体   繁体   English

如何确保没有登录就无法访问除登录页面之外的其他页面?

[英]How do I make sure that no other page apart from login page can be accessed without logging in?

 原文  2016-06-10 06:11:36       php

问题描述

In my PHP application, the pages beyond login page must be visible only when user is logged in. This is how I log in: 在我的PHP应用程序中,仅当用户登录时,登录页面之外的页面才必须可见。这是我的登录方式: 

if($status=="ok"){ 
    session_start();
echo '<script>window.location.assign("/Annapoorna/Welcome_Page.php");</script>'; 
}else{ 
echo '<script>alert("username / password is invalid");window.history.go(-1);</script>'; 
}

Status gets Ok if username and passwords match. 如果用户名和密码匹配,状态为“确定”。

Also, how can I ensure that a user who is not logged in cannot access pages apart from the login page, even by putting direct URL of other page? 另外,如何确保未登录的用户即使通过放置其他页面的直接URL也无法访问登录页面以外的页面? How do I redirect such a request to login page? 如何将这样的请求重定向到登录页面?

2 个解决方案

解决方案1
 0  2016-06-10 06:50:23

Create one script that check the session. 创建一个检查会话的脚本。 and that file should be included in all the pages except login file. 并且该文件应包含在除登录文件之外的所有页面中。 Consider the following example. 考虑以下示例。

File Name : session_check.php 文件名:session_check.php 

<?php
session_start();
if(!isset($_SESSION["status"]) && $_SESSION["status"]=='')
{
   header('Location: index.php'); // your login page
   exit;
}
?>

So this will check in all the pages that your 'status' session is empty or not. 因此,这将签入所有您的“状态”会话为空的页面。 If your session is empty that means that use is not logged in. and if status is OK, that means user is logged in. 如果您的会话为空,则表示未登录use。如果状态为OK,则表示用户已登录。

Now, in your login page, you have to add condition as per below. 现在,在您的登录页面中,您必须按照以下条件添加条件。 

<?php
session_start();
if(isset($_SESSION["status"]) && $_SESSION["status"]=='OK')
{
   header("Location: home.php");
   exit;
}
?>

Now, this will check that if the status session is not empty, then will redirect to home.php file (after the login file). 现在,这将检查状态会话是否为空,然后将重定向到home.php文件(在登录文件之后)。 If session is empty, then it will stay login page. 如果会话为空,则它将保留登录页面。

解决方案2
 0  2016-06-10 07:01:16

  <?php
    session_start();
    // do this in header of pages where you don't need access of all users
    if(isset($_SESSION['status']) && $_SESSION['status'] != 'OK'){
         // go and login user
         header("Location: login.php"); 
         die();

    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用户不注销就无法返回注册/登录页面? - How do I make the user unable to go back to the signup/login page without logging out? 如何从登录页面到索引创建登录代码? - how I can make a login code from the login page to the index? 如何在php的每个页面上访问一个全局变量 - How Can I make a variable global to be accessed on every page in php 成功登录后,如何让我的虚假登录页面显示“已授予访问权限”而没有其他内容? - How do I make my fake login page display “Access Granted” with no other content after a successful login? 如何确保只有登录用户才能访问页面? - How do I make sure only logged-in users can acces a page? 制作页面的最佳方法只能从另一个页面访问 - best way to make a page can only be accessed from an another page 如何检查页面是否直接访问? - How can i check if page accessed directly? 单击按钮时,如何在没有其他代码的情况下使返回的消息显示在同一页面上? - When clicked on button, how can i make the returned message appear on the same page without other code? 如何使“登录”页面识别用户类型? - How do I make the Login page identify the type of users? 如何确保只有从特定功能重定向的用户才能访问我的网站页面? - How can I make sure that a user visits a page of my site only if he's redirected from a specific function?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM