我想创建一个页面,其中包含自己所选择的页面选择URL(示例:index.php?p=signin并提供保护。我可以保护更多页面吗?
我不会保护$_GET['p']的文字免于注射。我只是想知道这种方法是否危险?
$grantLevel = [
'Banned' => 0 ,
'Guest' => 1 ,
'Trial' => 2 ,
'Normal' => 4 ,
'Premium' => 8 ,
'Moderator' => 16 ,
'Administrator' => 32 ,
'SuperAdministrator' => 64
] ;
$pages = [
'ban' => $grantLevel['Banned'] ,
'error' => $grantLevel['Guest'] ,
'forbidden' => $grantLevel['Guest'] ,
'manage' => $grantLevel['Administrator'] ,
'signin' => $grantLevel['Guest'] ,
'welcome' => $grantLevel['Guest'] ,
];
$accountLevel = $_SESSION['accountLevel'] ;
if($accountLevel != $grantLevel['Banned']){
if(isset($_GET['p'])) {
if($accountLevel >= $pages[ $_GET['p']]) {
$p = $_GET['p'] ;
} else {
$p = 'forbidden' ;
}
} else {
$p = 'error' ;
}
} else {
$p = 'ban' ;
}
require( $p . '.php') ;