yii2索引页面中用户身份的使用
[英]yii2 Useage of user identity in index page
问题描述
In yii2 is it save to use the instance of yii2 identity in index page. 
在yii2中保存使用索引页中yii2身份的实例。 For instance: 例如:
Yii::$app->user->idnetity->user_fname;
Does this compromise on its security if I use this in view page or is it safe to use?? 如果我在视图页面中使用此工具,这是否会损害其安全性?使用安全吗?
Thank you 谢谢
2 个解决方案
解决方案1
1 已采纳 2016-09-23 14:41:33
The php function are performed server side .. so this part of code is not in client browser .. php函数是在服务器端执行的。因此这部分代码不在客户端浏览器中。
in client browser eventually you send an echo of the result eg: 在客户端浏览器中,您最终会发送结果回显,例如:
echo Yii::$app->user->identity->username
In this way in the browser is only showed the name of the user nothing others 这样,在浏览器中只显示用户名没别的
解决方案2
0 2016-09-23 14:45:09
It's not clear what you mean by "safe to use" but in general you can safely display anything as long as it's sanitized (especially if it comes from user's input). 目前尚不清楚“安全使用”是什么意思,但通常来说,只要经过消毒(特别是来自用户的输入),就可以安全地显示任何东西。
Usually it's enough to use encode() method from Html Helper. 通常,使用Html Helper中的encode()方法就足够了。
<?php echo \yii\helpers\Html::encode(\Yii::$app->user->identity->user_fname); ?>
If you are not sure if user is logged in or not in this view it's good to check: 如果您不确定用户是否已在此view登录,则最好检查一下:
<?php if (\Yii::$app->user->isGuest): ?>
Welcome Guest!
<?php else: ?>
Hello, <?= \yii\helpers\Html::encode(\Yii::$app->user->identity->user_fname); ?>
<?php endif; ?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.