我正在学习Codeigniter,我有一个名为Admin控制器的控制器
class Admin extends CI_Controller{
/* skipped */
//This function is used to generate changepassword form
public function changepassword(){
$this->data['sessiondata'] = $_SESSION['logged_in'];
$this->data['mainview'] = 'components/admin/changepassword';
$this->load->view($this->layout, $this->data);
}
//changepassword form will be submitted to this function ('admin/checkpassword')
public function checkpassword(){
$error = array(
'required' => '%s tidak boleh kosong',
'matches' => '%s tidak sama, dumb ass'
);
/* some validations skipped */
if($this->form_validation->run($this) == FALSE){
$this->data['mainview'] = 'components/admin/changepassword';
$this->load->view($this->layout, $this->data);
} else {
$tobesent = array(
"oldpassword" => $this->input->post('oldpassword'),
"newpassword" => $this->input->post('newpassword'),
"verifynewpasswprd" => $this->input->post('verifynewpassword')
);
$this->admincrud->changepassword($tobesent);
$this->data['result'] = "Password sukses diubah";
$this->data['mainview'] = 'components/admin/changepassword';
$this->load->view($this->layout, $this->data);
}
}
}
结果是,每次我转到base_url('admin/changepassword'),填写提供的表单然后提交表单,我的网址从base_url('admin/changepassword')更改为base_url('admin/checkpassword'),我知道这是{提交表格的结果。每次我type base_url('admin/checkpassword')直接在我的地址栏上,它都会打开表单,我知道这是checkpassword函数中if-else条件的结果。我的问题是,从安全的角度来看,如果我继续使用这种结构,是否可以?如何阻止用户直接访问base-url('admin/checkpassword'),而是将其重定向到base_url('admin/changepassword')?
答案 0 :(得分:0)
如果我理解正确,问题的解决方案是$_SERVER['REQUEST_METHOD']
例如: -
if($_SERVER['REQUEST_METHOD'] == 'POST')//form method is post
{
//checkpassword code
}
else
{
redirect(base_url('admin/changepassword'));
}
答案 1 :(得分:0)
如果您不希望在提交表单后更改网址。
您可以使用redirect('admin/changepassword');,因为您需要提供
相应的消息,您可以在重定向之前使用$this->session->set_flashdata('msg','Your message');并在视图中使用它,如下所示:
<?php if($this->session->flashdata('msg') <> NULL){echo $this->session->flashdata('msg');} ?>