Restricting access to a page using session_start()

Time: 2015-01-21 15:50:24

Tags: php html mysql

I am making a login page: if you log in, you are redirected to an upload page, and if you are not logged in I am trying to restrict access to the upload page, because I don't want other people to have access to that page if they are not logged in. This is my code so far, but I don't know how to restrict access using the session. My login script:

<?php
    // Start the session before any output is produced.
    session_start();

    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="ana"; // Database name 
    $tbl_name="user"; // Table name 

    // Connect to server and select database.
    // (The mysql_* extension was removed in PHP 7; this matches the original PHP 5 code.)
    mysql_connect($host, $username, $password) or die("cannot connect"); 
    mysql_select_db($db_name) or die("cannot select DB");

    // username and password sent from form (empty string if the field is missing)
    $myusername = isset($_POST['user']) ? $_POST['user'] : ''; 
    $mypassword = isset($_POST['pass']) ? $_POST['pass'] : ''; 

    // To protect against MySQL injection
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $sql="SELECT * FROM $tbl_name WHERE user='$myusername' and pass='$mypassword'";
    $result=mysql_query($sql);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($myusername=='ana' and $mypassword==''){
        $_SESSION["myusername"]=$myusername;
        $_SESSION["mypassword"]=$mypassword; 
        // Register $myusername, $mypassword and redirect to file "upload.php".
        // Headers must be sent before any output, so the refresh header goes before the echo.
        header("refresh:3;url=upload.php");
        echo "Your login was successful!";  
    }
    else {
        header("refresh:3;url=connect.php");
        echo "Wrong Username or Password, please try again.";
    }

?>

and the page you are redirected to is:

<?php
// session_start() must run before any output, including the doctype below.
session_start();
?>
<!DOCTYPE HTML>
<!--
    Astral by HTML5 UP
    html5up.net | @n33co
    Free for personal and commercial use under the CCA 3.0 license (html5up.net/license)
-->
<html>
    <head>
        <title>Ana Gemescu - Work work work | Upload </title>
        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
        <meta name="description" content="" />
        <meta name="keywords" content="" />
        <!--[if lte IE 8]><script src="css/ie/html5shiv.js"></script><![endif]-->
        <script src="js/jquery.min.js"></script>
        <script src="js/skel.min.js"></script>
        <script src="js/init.js"></script>
        <noscript>
            <link rel="stylesheet" href="css/skel.css" />
        </noscript>
        <!--[if lte IE 8]><link rel="stylesheet" href="css/ie/v8.css" /><![endif]-->
    </head>
    <body>
        <!-- Wrapper-->
            <div id="wrapper">

                <!-- Main -->
                    <div id="main">
                        <!-- Me -->
                            <article id="me" class="panel">
                                <header>
                                <form action="uploader.php" method="post" enctype="multipart/form-data">
                                    Select image to upload:<br />
                                    <input type="file" name="fileToUpload" id="fileToUpload"><br />
                                    <select name="Folder" style="width:500px;margin-bottom:5px;margin-top:5px;" >
                                            <option value="photo" style="padding:2px">Photos</option>
                                            <option value="draw" style="padding:2px">Drawings</option>
                                            <option value="video" style="padding:2px">Videos</option>
                                            <option value="other" style="padding:2px">Other</option>
                                    </select><br />
                                    <input type="submit" value="Upload Image" name="submit">
                                </form>
                                </header>
                            </article>
                        </div>
                <!-- Footer -->
                    <div id="footer">
                        <ul class="copyright">
                            <li>&copy; Ana Gemescu</li><li>Design: <a href="http://html5up.net">HTML5 UP</a>, Coded by: <a href="#">zapo</a></li>
                        </ul>
                    </div>

            </div>

    </body>
</html>

Could someone please help me with how to restrict access to the upload page if you are not logged in?

If you need more information, let me know.

5 answers:

Answer 0 (score: 1)

Check $_SESSION["myusername"], like this:

session_start(); // must be called before any output
if(isset($_SESSION["myusername"]))
{
    //upload page code
}
else
{
    print "access denied";
}

Answer 1 (score: 1)

Always put session_start(); at the top of the page... before any output.

Verifying whether a session variable is set is just:

session_start(); //at the very top of your page
if(!isset($_SESSION['your_index'])){ //for example user
   //do something
   //for example, send the user back to the login page

   header('Location: myloginform.php'); //path to where your login form is located. Headers need to be above any output or they will produce an error and thus not work as intended (or at all even!)
   exit;
}

Also, make sure you take appropriate security measures in the script that actually uploads the file. For example...

  • Validate the type of file being uploaded; you certainly don't want to let a user upload whatever he/she wants to the server
  • Set correct permissions on your upload folder (e.g., full 777 permissions are just asking for trouble)

Answer 2 (score: 1)

First, call the session_start(); method on every page that needs to use it. You can avoid this by calling the method once in a base class where you set up the mySQL connection; every class that inherits the connection setup will of course inherit the session_start() call as well.

Regarding your authenticity check, consider the following example:

//Create a new session object that will determine when a user is authenticated. 
$_SESSION['isAuthenticated'] = false;

You can initialize it in the class that is called when a user logs in successfully, in which case the boolean is switched to true on a successful login.

//Your welcome page, after log-in
if( isset($_SESSION['isAuthenticated']) )
{
    $_SESSION['isAuthenticated'] = true;
}

On every new page you can create a condition that checks whether that value is set to true (the user is authenticated):

if( !isset($_SESSION['isAuthenticated']) || $_SESSION['isAuthenticated'] == false)
{
  echo "You are not authenticated to view this page, please log-in";
}
else
{
   //start your HTML here
}

This rules out someone simply typing the page URL into the address bar and bypassing your login logic.
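A reusable guard that puts together what answers 1 and 2 describe, added here as an example (it is not the asker's or the answerers' code). It uses the $_SESSION['isAuthenticated'] flag name from answer 2 and the connect.php login page from the question, and assumes PHP 7.3 or later for the array form of session_set_cookie_params(); the function names are mine.

```php
<?php
// session_auth.php -- added example; not the question's or the answers' own code.
// Usage: require_once __DIR__ . '/session_auth.php'; require_login();
// as the very first statement of upload.php AND uploader.php: the form on
// upload.php posts to uploader.php, so guarding only upload.php would leave
// the actual upload handler reachable by a direct POST request.
declare(strict_types=1);

function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                             // already started on this request
    }
    // Cookie flags must be set before session_start(), which must itself run
    // before any output (even <!DOCTYPE html> counts as output).
    session_set_cookie_params([
        'httponly' => true,                 // cookie not readable by JavaScript
        'samesite' => 'Lax',                // cookie not sent with cross-site POSTs
        'secure'   => !empty($_SERVER['HTTPS']),
    ]);
    session_start();
}

// Call only after the credentials have been verified (e.g. with password_verify()).
function mark_logged_in(string $username): void
{
    start_session();
    session_regenerate_id(true);            // fresh id on login defeats session fixation
    $_SESSION['isAuthenticated'] = true;    // flag name taken from answer 2
    $_SESSION['username'] = $username;      // store the user, never the password
}

// Guard for protected pages: redirect to the login form and stop executing.
function require_login(string $loginPage = 'connect.php'): void
{
    start_session();
    if (empty($_SESSION['isAuthenticated'])) {
        header('Location: ' . $loginPage);
        exit;                               // without exit the rest of the page still runs
    }
}

function logout(): void
{
    start_session();
    $_SESSION = [];                         // drop the flag and any user data
    session_regenerate_id(true);            // old id is invalidated
    session_destroy();
}
```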

Answer 3 (score: 0)

When a user logs into the system, store a flag in the session, e.g. $_SESSION['loggedin'] = 1; and read out that value on every call. If $_SESSION['loggedin'] == 1, then the user is safe.

Answer 4 (score: 0)

Thank you all for your help! I have managed to get it working nicely using session_start(); thanks again.