更改PHP“必需”参数会破坏网站结构

时间:2014-03-29 12:57:31

标签: php

我的任务是对网站进行一些更改。特别是在键入网站的URL时更改用户重定向到的主页面。按照现在的情况,用户立即转到“登录”页面,如我的“index.php”中所述:

的index.php

<?php

session_start();
$all_url = explode('?', $_SERVER['REQUEST_URI']);
$url = explode('/', $all_url[0]);

//Homepage
if (empty($url[1])) {
$url[1] = 'home';
}

//DB connect
$config = array(
'host' => 'localhost', //CHANGE THIS, DB SERVER
'user' => 'xxx', //CHANGE THIS, DB USER
'password' => 'xxx', //CHANGE THIS, DB PASSWORD
'database' => 'xxx' //CHANGE THIS, DB NAME
);
$DB = new PDO('mysql:host=' . $config['host'] . ';dbname=' . $config['database'], $config['user'], $config['password']);
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$DB->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$DB->exec("SET names utf8");

if (file_exists('controller/' . $url[1] . '.php')) {

$gtpl = 'main';
if (empty($_SESSION['uid']) && $url[1]!='register') {
    //login
    require 'controller/login.php';

}else{
    require 'controller/' . $url[1] . '.php';
}

require 'view/' . $gtpl . '.php';
} else {
echo 'ERROR - File not found!!!';
}
?>

我想这样做,以便将用户转移到“主页”而不是“登录”,并在网站中稍后使用登录表单。问题是 - 当我将要求'controller / login.php'; 更改为要求'controller / home.php'; 时,它会将我重定向到该页面,但我可以不要移动到网站上的任何其他地址。应该做些什么改变才能有效地运作?我还提供了“main.php”,以防万一

main.php

<!DOCTYPE HTML>
<html>
<head>
    <meta charset="utf-8">
    <title></title>
    <meta name="description" content="">

    <link rel="stylesheet" href="/css/bootstrap.css">
    <link rel="stylesheet" href="/css/bootstrap-theme.css">
    <link rel="stylesheet" href="/css/style.css">
    <link rel="stylesheet" href="/css/jquery-ui-1.10.3.css">
    <link rel="stylesheet" href="/css/colpick.css">
    <!--[if lt IE 9]>
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <script src="http://ie7-js.googlecode.com/svn/version/2.1(beta4)/IE9.js"></script>
    <![endif]-->
</head>
<body>

    <div class="container">

        <?php require 'view/frontend/'.$tpl.'.php';?>

    </div>

    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
    <script>window.jQuery || document.write('<script src="/js/jquery-1.10.2.min.js"><\/script>')</script>
    <script src="/js/jquery-ui-1.10.3.js"></script>
    <script src="/js/jquery.migrate.js"></script>
    <script src="/js/farbtastic.js"></script>
    <script src="/js/crop.img.js"></script>
    <script src="/js/colpick.js"></script>
    <script src="/js/dropdown.js"></script>
    <script src="/js/jquery.numeric.js"></script>
    <script src="/js/init.js"></script>
</body>

2 个答案:

答案 0 :(得分:0)

if (empty($_SESSION['uid']) && $url[1]!='register') {
    //login
    require 'controller/login.php';
}

你可以改成:

$notrestricted = array('register','home'); 

if (empty($_SESSION['uid']) && !in_array($url[1], $notrestricted)) {
    //login
    require 'controller/login.php';
}

答案 1 :(得分:0)

问题是从未设置 SESSION uid 属性。这可能是由登录控制器完成的。

这意味着永远不会调用代码的 else 子句。 解决方案:使用另一个标志,并在未设置时将用户重定向到主页。将用户重定向到home后设置标志。

if (!isset($_SESSION['firstVisit']) && $url[1]!='home') {
   $_SESSION['firstVisit'] = false; //ensures we never enter this clause again
   require 'controller/home.php';

}else{
   require 'controller/' . $url[1] . '.php';
}

但是,如果您希望只有在用户登录时才能访问某些页面,您应该像这样处理它:

$restricted = array('page1','page2');  // restricted pages behind login

if (!isset($_SESSION['firstVisit']) && $url[1]!='home') {
   $_SESSION['firstVisit'] = false; //ensures we never enter this clause again
   require 'controller/home.php';
}else if (empty($_SESSION['uid']) && in_array($url[1], $restricted)) {
   //not logged in, but trying to access restricted page.
   require 'controller/login.php';
}else{
   require 'controller/' . $url[1] . '.php';
}