堆栈内存溢出
  简体   繁体   English

PHP通过电子邮件安全地发送GET请求

[英]PHP sending GET request through email securely

 原文  2019-06-25 05:14:52       php/ get

问题描述

I am trying to make an attendance system where I mark the employee's attendance the link is clicked by me. 我正在尝试建立一个考勤系统,在该系统中,我单击了该员工的考勤链接。 So whenever the employee presses the button, I get an email with their info with a decline and accept URLs. 因此,每当员工按下按钮时,我都会收到一封带有拒绝信息的电子邮件,并接受URL。 The URLs I'm trying to pass on will have variable data in it, something like: 我尝试传递的URL中将包含可变数据,例如: 

http://website.com/page.php?id=123&username=abc

and then use $_GET['id], $_GET['username']. 然后使用$_GET['id], $_GET['username']. But the problem that I see with it is that a user could just pass on their information to do the process that I want to do here if they know the URL and their ID . 但是我看到的问题是,如果用户知道URL和ID ,就可以将他们的信息传递给我,以执行我要在此处执行的过程。

Is there a more secure and better way to do this? 有没有更安全,更好的方法来执行此操作?

2 个解决方案

解决方案1
 2 已采纳  2019-06-25 05:35:09

My opinion is 我的意见是

if that link is clicked by user , you dont need that param . 如果该链接被用户单击,则不需要该参数。 Store that in session instead and check with that ! 将其存储在会话中,然后进行检查!

Or for admin , there is no a problem with that param .You just need to check current user session have admin role or if not just show permission error 或者对于admin来说,该参数没有问题。您只需要检查当前用户会话是否具有admin角色即可;如果不是,则仅显示权限错误

解决方案2
 1  2019-06-25 05:25:53

Hope you know the post method.Which is works like a letter we post. 希望您知道发帖的方式。这就像我们发的信一样。 You cant see what in it until you open it. 您必须先打开它才能看到其中的内容。 So use POST method.You can do something like this.In here I assume that user get signed in to the system and then via session user data will be fetched and stored. 因此,请使用POST方法。您可以执行类似的操作。在这里,我假设用户已登录系统,然后通过会话将获取并存储用户数据。 Then they will be assign into hidden input fields. 然后将它们分配给隐藏的输入字段。 

 <?php
session_start();
if (isset($_SESSION['UserName'])) {
    ?>
<form action="http://website.com/page.php" method="post">
<input type="text" value="<?=($_SESSION['UserName']);?>"  name="username" hidden>
<input type="text" value="<?=($_SESSION['UserId']);?>" name="userid"  hidden>
<button type="submit" name="submit">Confirm Your attendance</button>
</form>
<?php
}else{
    header('Location: login.php');
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP-在2个服务器之间安全发送请求/响应? - PHP - Securely sending request/response between 2 servers? 通过PHP发送电子邮件 - Sending Email Through PHP 从iOS安全地发送PHP获取信息 - Securely Sending PHP Get Information from iOS 通过php发送电子邮件不起作用 - sending email through php not working PHP 代码不通过电子邮件发送 - PHP code not sending through email 通过带有IF条件的PHP发送电子邮件 - Sending email through PHP with IF conditions 通过gmail通过php发送电子邮件 - Sending Email, in php through gmail ajax请求未在php中发送电子邮件 - the ajax Request not sending Email in php 在php中通过电子邮件发送网页 - Sending Web Page through Email in php 通过php发送电子邮件,为什么不起作用? - Sending an email through php, why is not working?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM