
Prevent users from accessing a url directly Yii 2

I have this piece of code that, if the user clicks on it, the link will be replaced by text, making it unable to be clicked again. The problem now is that if the user accesses it directly in the URL, it will simulate a link click. So how do I prevent users from accessing URLs directly?

<?php
$isAdded = ActiveSubject::find()
    ->where(['clientid' => $_user, 'subjectid' => $subjects['subjectid']])
    ->exists();
if ($isAdded):
?>
<b><p class="text-muted">ADDED</p></b>
<?php else: ?>
<p>
<?= Html::a('<b>ADD</b>', ['site/addsubject', 'subjectid' => $subjects['subjectid'], 'clientid' => $_user], ['class' => 'btn-info btn-transparent btn-large']) ?>
</p>
<?php endif; ?>
</td>
<td>
<?= $subjects['slots'] ?>
</td>
<td>
<?php if ($isAdded): ?>
<p class="text-primary">Awaiting Confirmation</p>
<?php endif; ?>

Make it a POST link so that it has to be clicked and can't be directly run from the browser,

i.e. adding 'data-method' => 'post' to Html::a

<?= Html::a('<b>ADD</b>', ['site/addsubject', 'subjectid' => $subjects['subjectid'], 'clientid' => $_user], ['class' => 'btn-info btn-transparent btn-large', 'data-method' => 'post']) ?>

And in the access rules you can add a rule to only accept POST requests,

i.e.

'verbs' => [
    'class' => VerbFilter::className(),
    'actions' => [
        'addsubject' => ['post'],
    ],
],

Hope this helps. Thanks.

Edit: Below is a sample for SiteController

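// Requires: use yii\filters\AccessControl; use yii\filters\VerbFilter;
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    // Empty 'actions' and 'roles' match every action and every user.
                    'allow' => true,
                    'actions' => [],
                    'roles' => [],
                ],
                [
                    'actions' => ['login', 'error', 'captcha'],
                    'allow' => true,
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            // Requests to these actions with any other HTTP method get a 405 response.
            'actions' => [
                'delete' => ['post'],
                'addsubject' => ['post'],
            ],
        ],
    ];
}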

In controller

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['addsubject'],
                    'allow' => true,
                    'roles' => ['addsubject', 'yourmodelname'],
                ],
                [
                    'allow' => true,
                    'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'addsubject' => ['post'],
            ],
        ],
    ];
}

Check out these 2 answers also:

how to deny the access of url in yii even if we know the url?

how to limit access url view on yii2 by id

In which you can understand the use of filters.
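An added example, not part of the original question or answers: a sketch of the addsubject action behind the POST-only filter, which also takes the client from the logged-in session instead of the clientid URL parameter and repeats the exists() check so a replayed request adds nothing. The app\models namespace, the site/index redirect target, and clientid being the logged-in user's id are assumptions.

```php
<?php
// Added example, not code from the original page.
// Assumptions: ActiveSubject lives in app\models, clientid is the id of the
// logged-in user, and the subject list is rendered by site/index.
namespace app\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;
use app\models\ActiveSubject;

class SiteController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'only' => ['addsubject'], // leave other actions to their own rules
                'rules' => [
                    // Only authenticated users ('@') may call addsubject.
                    ['actions' => ['addsubject'], 'allow' => true, 'roles' => ['@']],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::class,
                // Any verb other than POST is answered with HTTP 405.
                'actions' => ['addsubject' => ['post']],
            ],
        ];
    }

    public function actionAddsubject($subjectid)
    {
        // Take the client from the session, not from a request parameter.
        $clientId = Yii::$app->user->id;
        $key = ['clientid' => $clientId, 'subjectid' => $subjectid];

        // Same exists() check the view uses, so a replayed POST adds nothing.
        if (!ActiveSubject::find()->where($key)->exists()) {
            $row = new ActiveSubject($key);
            $row->save();
        }
        return $this->redirect(['site/index']);
    }
}
```

With 'data-method' => 'post' on the link, yii.js submits the request as a form POST that carries the CSRF token, which Yii validates by default on POST requests.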
