
Authorization control in redirected page in php

I have a simple controller which shows confirmations to be approved. When the users press the register button, the confirmation page is shown.

But when users enter the URL as ..../confirmation without registering, the page is shown. I don't want it to be shown without registering.

In ASP.NET MVC 4 this can be done with the ChildActionOnly annotation.

Is it possible?

First make sure you have the session started:

<?php session_start(); ?>

OK, this seems to be quite simple - after registration, and before you redirect a user to the confirmation page, do something like this (this is pseudo-code naturally). Let's say that $user->registered() returns TRUE/FALSE as a result of registration, and $user->hasConfirmedRegistration() returns TRUE/FALSE as a result of registration confirmation. So you should do something like:

//this should be in your registration controller/function, i.e. /users/register
if ($user->registered()) {
   $_SESSION['showConfirmation'] = TRUE;
}

Then you should put this at the beginning of your function, to prevent showing your confirmation page to non-registered users.

//This should be in your confirmation controller/function, 
//i.e. /users/confirm_registration:

//if user has not registered, do not show the page
//(empty() also covers the case where the key was never set)
if (empty($_SESSION['showConfirmation'])) {
   header('Location: /'); // redirect to main page
   return;
}

// -- enter code that handles storing confirmation, handling $_GET/$_POST etc. --

//then unset session variable, which is no longer needed
if ($user->hasConfirmedRegistration()) {
   unset($_SESSION['showConfirmation']);
}

I don't fully understand what you're trying to achieve without seeing your code. But it sounds like you don't want someone to be able to access a specific page without performing an action first.

Something like this might help you.

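<?php
session_start();
// session_is_registered() was removed in PHP 5.4; check $_SESSION directly
if (!isset($_SESSION['somesessionamehere'])) {
    header("Location: form.php");
    exit; // stop here so the rest of the page is not sent
}
?>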

Register a session when the user submits the form, then when they go to that page it checks to see if the session is registered. If it isn't then it redirects to the previous page.

Have a look at this URL for a login based example: http://www.phpeasystep.com/phptu/6.html
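A stricter version of the session-flag gate from the two answers above, as an added example that is not part of the original answers: the flag is tied to the user who just registered, it expires, and the redirect is followed by `exit`. The helper names, the 600-second lifetime and the sample user id are assumptions.

```php
<?php
declare(strict_types=1);
const GATE_KEY = 'showConfirmation';   // same session key the first answer uses
const GATE_TTL = 600;                  // assumed lifetime in seconds

// Registration handler (hypothetical helper): call only after registration succeeded.
function openConfirmationGate(array &$session, int $userId, int $now): void
{
    $session[GATE_KEY] = ['user_id' => $userId, 'expires' => $now + GATE_TTL];
}

// Confirmation handler: returns the user id the gate was opened for, or null.
function checkConfirmationGate(array &$session, int $now): ?int
{
    $gate = $session[GATE_KEY] ?? null;
    if (!is_array($gate) || !is_int($gate['user_id'] ?? null)
        || !is_int($gate['expires'] ?? null) || $now > $gate['expires']) {
        unset($session[GATE_KEY]);     // drop missing, malformed or expired entries
        return null;
    }
    return $gate['user_id'];
}

// Call once the confirmation has been stored, so the page cannot be replayed.
function closeConfirmationGate(array &$session): void
{
    unset($session[GATE_KEY]);
}

// Top of the confirmation page in a web request.
function guardConfirmationPage(): int
{
    session_start();
    $userId = checkConfirmationGate($_SESSION, time());
    if ($userId === null) {
        header('Location: /', true, 302);
        exit;                          // header() alone does not stop the script
    }
    return $userId;
}

// Constructed demo, runs on the command line with a plain array as the session.
if (PHP_SAPI === 'cli') {
    $s = []; $t = 1700000000;
    var_dump(checkConfirmationGate($s, $t));        // URL typed directly, no gate
    openConfirmationGate($s, 42, $t);
    var_dump(checkConfirmationGate($s, $t + 60));   // shortly after registering
    var_dump(checkConfirmationGate($s, $t + 601));  // after the gate has expired
}
```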

As I understand, you need to check, on your confirmation page, that the user has just sent registration data.

For example, if you have an input field named "login" in your form, you can check the presence and value of "login" in either $_REQUEST, $_POST or $_GET, depending on your form "method" attribute. If it's not there, the form has not been posted and you can assume that the user just entered the URL. You can redirect him to the login page.

<form method="post" action="/confirmation">
    <input type="text" name="login" />
    [...]
    <input type="submit" />
</form>

<?php
// At the top of the script that handles /confirmation
if (!isset($_POST["login"])) {
    // redirect
    header("HTTP/1.0 302 Found");
    header("Location: /login");

    return;
}

// show confirmation
// [...]
