连接两个PHP文件。

huangapple go评论65阅读模式
英文:

Connect two php files

问题

以下是要翻译的内容:

在 panel.php 中,您可以看到有一个指向 coworkersmain.php 的 href。我希望只有在用户名为 "admin" 时才能访问此链接。

这是 panel.php:

<!DOCTYPE html>
<!-- 登录后打开 -->
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Panel</title>
</head>
<body>
    <h1>欢迎来到面板</h1>
    <p>您是 <?php session_start(); echo $_SESSION['username']; ?>。</p>  
    
    <a href="./coworkersmain.php" action="./checkadmin.php">同事</a>
    <form method="post" action="./logout.php">
        <input type="submit" value="注销" name="logout" class="logout-button"/>
    </form>    
</body>
</html>

这是 checkadmin.php:

<?php
    session_start();
    
    if ($_SESSION['username'] !== 'admin') {
        // 重定向到面板页面或显示错误消息
        echo "zdfsdgfdsfd";
        header("Location: panel.php");
        exit();
    } else {
        header("Location: coworkersmain.php");
        exit();
    }
?>
英文:

As you can see, in panel.php I have href of coworkersmain.php. I want this link to be accessable only in the case when username is "admin".

This is panel.php:

&lt;!DOCTYPE html&gt;
&lt;!-- opens after logging in --&gt;
&lt;html lang=&quot;en&quot;&gt;
&lt;head&gt;
    &lt;meta charset=&quot;UTF-8&quot;&gt;
    &lt;meta http-equiv=&quot;X-UA-Compatible&quot; content=&quot;IE=edge&quot;&gt;
    &lt;meta name=&quot;viewport&quot; content=&quot;width=device-width, initial-scale=1.0&quot;&gt;
    &lt;title&gt;Panel&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
    &lt;h1&gt;Welcome to the Panel&lt;/h1&gt;
    &lt;p&gt;You are &lt;?php session_start(); echo $_SESSION[&#39;username&#39;]; ?&gt;.&lt;/p&gt;  
    
    &lt;a href=&quot;./coworkersmain.php&quot; action=&quot;./checkadmin.php&quot;&gt;Co-workers&lt;/a&gt;
    &lt;form method=&quot;post&quot; action=&quot;./logout.php&quot;&gt;
        &lt;input type=&quot;submit&quot; value=&quot;Logout&quot; name=&quot;logout&quot; class=&quot;logout-button&quot;/&gt;
    &lt;/form&gt;    
&lt;/body&gt;
&lt;/html&gt;

And this is checkadmin.php:

&lt;?php
    session_start();
    
    if ($_SESSION[&#39;username&#39;] !== &#39;admin&#39;) {
        // Redirect to panel page or display an error message
        echo&quot;zdfsdgfdsfd&quot;;
        header(&quot;Location: panel.php&quot;);
        exit();
    } else {
        header(&quot;Location: coworkersmain.php&quot;);
        exit();
    }
?&gt;

答案1

得分: 2

  1. &lt;a&gt;元素上不存在action属性。
  2. 即使存在,并且它的功能与您认为的一样,checkadmin.php 在功能上是无用的,因为没有阻止任何人直接访问coworkersmain.php。您需要将访问控制放在您实际尝试控制访问的脚本内部。

例如,在coworkersmain.php 的顶部仅使用:

session_start();

if ($_SESSION[&#39;username&#39;] !== &#39;admin&#39;) {
	header(&quot;Location: panel.php&quot;);
	exit();
}

请记住,用户控制浏览器,您发送给浏览器的任何内容,无论是 HTML 还是 JavaScript,都可以被用户阅读、修改或完全忽略。

如果要强制执行访问控制,它必须在服务器端执行。

英文:
  1. There is no such thing as an action attribute on an &lt;a&gt; element.
  2. Even if there was and it functioned like you think it would, checkadmin.php is functionally useless as there is nothing stopping anyone from simply going directly to coworkersmain.php. You need to put the access control inside the script you're actually trying to control access to.

Eg, at the top of coworkersmain.php use only:

session_start();

if ($_SESSION[&#39;username&#39;] !== &#39;admin&#39;) {
	header(&quot;Location: panel.php&quot;);
	exit();
}

Remember that the user controls the browser, and anything that you send to it, either HTML or Javascript, can be read, modified, or ignored entirely by the user.

If you want to enforce access control it must be server-side.

huangapple
  • 本文由 发表于 2023年6月6日 04:13:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/76409707.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定