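I am developing a website with the CodeIgniter framework, and I want to secure my login functionality and some controllers. To achieve this, I am using the method from http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/.
In one case, when a form (POST) is submitted, I get a 302 and the request is redirected to an HTTP GET request. As a result I lose the form parameters.
Is this a CodeIgniter problem, an Apache problem, or something else?
Original HTTPS POST request: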
> Request URL:https://localhost/xxxxx/mainpage/login
Request Method:POST
Status Code:302 Found
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:59
Content-Type:application/x-www-form-urlencoded
Cookie:__atuvc=1%7C51; ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%225c392f08a64b4c73e410be07b2f2162b%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A108%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F31.0.1650.63+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1389784943%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Deaa32f4e7408de99c1cf025500d6ef02
Host:localhost
Origin:http://localhost
Referer:http://localhost/xxxxx/mainpage/home
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Form Data
username: xxxxxxxxxx
password:xxxxxxxxxx
login:Login
Response Headers
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html
Date:Wed, 15 Jan 2014 11:22:29 GMT
Keep-Alive:timeout=5, max=100
Location:http://localhost/xxxxx/mainpage/login
Server:Apache/2.2.22 (Win64) mod_ssl/2.2.22 OpenSSL/1.0.1c PHP/5.3.13
X-Powered-By:PHP/5.3.13
Redirected HTTP GET request:
> Request URL:http://localhost/xxxxx/mainpage/login
Request Method:GET
Status Code:302 Found
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:__atuvc=1%7C51; ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%225c392f08a64b4c73e410be07b2f2162b%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A108%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F31.0.1650.63+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1389784943%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Deaa32f4e7408de99c1cf025500d6ef02
Host:localhost
Referer:http://localhost/xxxxx/mainpage/home
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Response Headers
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html
Date:Wed, 15 Jan 2014 11:22:29 GMT
Keep-Alive:timeout=5, max=96
Location:http://localhost/xxxxx/mainpage/home
Server:Apache/2.2.22 (Win64) mod_ssl/2.2.22 OpenSSL/1.0.1c PHP/5.3.13
Set-Cookie:ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%225c392f08a64b4c73e410be07b2f2162b%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A108%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F31.0.1650.63+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1389784943%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A21%3A%22flash%3Anew%3Alogin_error%22%3Bs%3A24%3A%22Please%2C+fill+all+fields%21%22%3B%7D8b441ee2b9f1280754d04ef02292eff5; expires=Wed, 15-Jan-2014 13:22:29 GMT; path=/
X-ChromeLogger-Data:eyJ2ZXJzaW9uIjoiNC4wLjAiLCJjb2x1bW5zIjpbImxvZyIsImJhY2t0cmFjZSIsInR5cGUiXSwicm93cyI6W1tbIkxvZ2luX2Z1bmN0aW9uIl0sIkM6XFx3YW1wXFx3d3dcXGVnb3RoYW1cXGFwcGxpY2F0aW9uXFxjb250cm9sbGVyc1xcbWFpbnBhZ2UucGhwIDogMTc5IiwiZXJyb3IiXSxbWyJmb3JtIHZhbGlkYXRpb24gRkFMU0UiXSwiQzpcXHdhbXBcXHd3d1xcZWdvdGhhbVxcYXBwbGljYXRpb25cXGNvbnRyb2xsZXJzXFxtYWlucGFnZS5waHAgOiAxODgiLCJ3YXJuIl1dLCJyZXF1ZXN0X3VyaSI6IlwvZWdvdGhhbVwvbWFpbnBhZ2VcL2xvZ2luIn0=
X-Powered-By:PHP/5.3.13
Thanks in advance.
Update: .htaccess
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /egotham/

    #Removes access to the system folder by users.
    #Additionally this will allow you to create a System.php controller,
    #previously this would not have been possible.
    #'system' can be replaced if you have renamed your system folder.
    RewriteCond %{REQUEST_URI} ^system.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #When your application folder isn't in the system folder
    #This snippet prevents user access to the application folder
    #Submitted by: Fabdrol
    #Rename 'application' to your applications folder name.
    RewriteCond %{REQUEST_URI} ^application.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #Checks to see if the user is attempting to access a valid file,
    #such as an image or css document, if this isn't true it sends the
    #request to index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ /egotham/index.php?/$1 [L]
</IfModule>

<IfModule !mod_rewrite.c>
    # If we don't have mod_rewrite installed, all 404's
    # can be sent to index.php, and everything works as normal.
    # Submitted by: ElliotHaughin
    ErrorDocument 404 /index.php
</IfModule>
Update 2:
function login()
{
    var_dump($_POST);
    $user_language = $this->session->userdata('language');
    $this->lang->load('notification', $user_language);
    $this->form_validation->set_rules('username', 'Username', 'required|trim|max_length[50]|xss_clean');
    $this->form_validation->set_rules('password', 'Password', 'required|trim|max_length[200]|xss_clean');
    if($this->form_validation->run() == FALSE)
    {
        ChromePhp::warn('form validation FALSE');
        $this->session->set_flashdata('login_error', $this->lang->line('fill_all_fields'));
        secure_redirect('mainpage/home');
    }
    else
    {
        extract($_POST);
        $remember_me = $this->input->post('remember_me');
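Answer 0: (score: 0)
I'm not sure about the method you mention, but the way I've done it in a previous project is to set up a second base URL in the config (something like "base_url_secure") and then set the form to post directly to the secure version, which means you don't need a redirect.
I don't think you can redirect with a POST, so the form should post directly to the secure URL.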
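The approach described in this answer, sketched in plain PHP as an added example (not code from the original post, the linked article, or CodeIgniter itself). `base_url_secure` is the config key the answer suggests; `secure_site_url()`, `is_https()`, `https_gate()` and the `example.test` host are hypothetical names chosen for illustration.

```php
<?php
// Added example; names and hosts are hypothetical. 'base_url_secure' is the
// extra config key the answer suggests, example.test is a placeholder host.
$config = array(
    'base_url'        => 'http://example.test/xxxxx/',
    'base_url_secure' => 'https://example.test/xxxxx/',
);

// Absolute HTTPS URL for a controller URI, used as the form action.
function secure_site_url(array $config, $uri)
{
    $base = $config['base_url_secure'];
    if (stripos($base, 'https://') !== 0) {
        throw new InvalidArgumentException('base_url_secure must start with https://');
    }
    return rtrim($base, '/') . '/' . ltrim($uri, '/');
}

// True when the request arrived over TLS: PHP then sets $_SERVER['HTTPS']
// to a non-empty value (some servers use 'off' for plain HTTP).
function is_https(array $server)
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// What a handler should do with a request. Only GET is ever redirected: a
// browser follows a 302 with a GET, so a redirected POST loses its body.
function https_gate(array $config, array $server, $uri)
{
    if (is_https($server)) {
        return 'process';
    }
    if ($server['REQUEST_METHOD'] === 'GET') {
        return 'redirect ' . secure_site_url($config, $uri);
    }
    return 'reject 403'; // cleartext POST: fix the form action, do not bounce it
}

// The login form posts straight to the HTTPS endpoint, so no redirect occurs.
$action = htmlspecialchars(secure_site_url($config, 'mainpage/login'), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="' . $action . '">', PHP_EOL;

// Constructed requests: HTTPS POST, plain-HTTP GET, plain-HTTP POST.
$post_tls  = array('HTTPS' => 'on', 'REQUEST_METHOD' => 'POST');
$get_http  = array('REQUEST_METHOD' => 'GET');
$post_http = array('HTTPS' => 'off', 'REQUEST_METHOD' => 'POST');
foreach (array($post_tls, $get_http, $post_http) as $request) {
    echo https_gate($config, $request, 'mainpage/login'), PHP_EOL;
}
```

In CodeIgniter the same absolute URL can be passed to `form_open()`, which leaves an action containing `://` unchanged.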