Prevent direct access PHP
I have 2 scripts. That's :
Sometimes someone opens the link directly to process_registration.php, so how can I prevent that?
The function of process_registration.php is to save the data it gets from the input in registration.html.
Any idea?
You can use:
if (!isset($_POST['field'])) {
die();
}
at the top of your process_registration.php file.
Of course, replace field by one of your existing fields in your form.
If you're against flooders that register several accounts using scripts, you may use a captcha field on your registration form, or use protections against crawling.
Just another method:
if (empty($_POST)) {
exit("Direct access not allowed");
}
Just more flexible with the object names. For extra security, you should put this in your form:
<input type="hidden" value="9957374" name="hiddenvalidate" />
and in your script:
if (!isset($_POST['hiddenvalidate']) || $_POST['hiddenvalidate'] != 9957374) {
exit("Direct access not allowed");
}
You can check if the current request is a POST type (if you use a form)
if($_SERVER['REQUEST_METHOD'] == 'POST')
and you can also check if all required variables are set.
You can use the $_POST array in process_registration.php for this, like:
if(!isset($_POST['yourvariable'])){
//Redirect to registration page
}
You can also use a PHP session for it. If the session is not set, then redirect the user to the registration page.
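The POST check, the required-field check and the session idea from the answers above, combined into one guard. This is an added example, not code from any of the answers; the function names and the field names username, email and form_token are assumptions, and it assumes the form is served by a PHP page that can start a session.

```php
<?php
declare(strict_types=1);

// Called by the page that renders the form; the value goes in a hidden input.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Returns [HTTP status, reason]; 200 means the handler may save the data.
function check_registration_request(string $method, array $post, array &$session): array
{
    if ($method !== 'POST') {
        return [405, 'direct access: not a form submission'];
    }
    foreach (['username', 'email', 'form_token'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return [400, "missing field: $field"];
        }
    }
    $expected = $session['form_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $post['form_token'])) {
        return [403, 'form token does not match this session'];
    }
    unset($session['form_token']); // single use: a replayed POST is rejected
    return [200, 'ok'];
}

// Constructed sample requests, run from the CLI instead of a web server.
// In the real script pass $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION
// (after session_start()), then call http_response_code() and exit on non-200.
$session = [];
$token = issue_form_token($session);
$form = ['username' => 'alice', 'email' => 'alice@example.test', 'form_token' => $token];
$cases = [
    'URL opened directly'     => ['GET', []],
    'POST without fields'     => ['POST', ['username' => 'alice']],
    'POST with made-up token' => ['POST', ['form_token' => 'x'] + $form],
    'form submitted'          => ['POST', $form],
    'same POST replayed'      => ['POST', $form],
];
foreach ($cases as $label => [$method, $post]) {
    [$status, $reason] = check_registration_request($method, $post, $session);
    printf("%-26s %d %s\n", $label, $status, $reason);
}
```

Unlike a fixed hidden value, the token is different for every session, so it cannot be copied out of the form's HTML and reused by another client.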
I like the way Joomla handles this issue.
On every PHP page in Joomla, you will see the following code:
// No direct access
defined('_JEXEC') or die; // it's a config setting
Only the top-level pages have this variable included in them. All other files, if opened directly, close, thereby preventing any accidental misuse/data loss.