英文:
Connect two php files
问题
以下是要翻译的内容:
在 panel.php 中,您可以看到有一个指向 coworkersmain.php 的 href。我希望只有在用户名为 "admin" 时才能访问此链接。
这是 panel.php:
<!DOCTYPE html>
<!-- 登录后打开 -->
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Panel</title>
</head>
<body>
<h1>欢迎来到面板</h1>
<p>您是 <?php session_start(); echo $_SESSION['username']; ?>。</p>
<a href="./coworkersmain.php" action="./checkadmin.php">同事</a>
<form method="post" action="./logout.php">
<input type="submit" value="注销" name="logout" class="logout-button"/>
</form>
</body>
</html>
这是 checkadmin.php:
<?php
session_start();
if ($_SESSION['username'] !== 'admin') {
// 重定向到面板页面或显示错误消息
echo "zdfsdgfdsfd";
header("Location: panel.php");
exit();
} else {
header("Location: coworkersmain.php");
exit();
}
?>
英文:
As you can see, in panel.php I have href of coworkersmain.php. I want this link to be accessable only in the case when username is "admin".
This is panel.php:
<!DOCTYPE html>
<!-- opens after logging in -->
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Panel</title>
</head>
<body>
<h1>Welcome to the Panel</h1>
<p>You are <?php session_start(); echo $_SESSION['username']; ?>.</p>
<a href="./coworkersmain.php" action="./checkadmin.php">Co-workers</a>
<form method="post" action="./logout.php">
<input type="submit" value="Logout" name="logout" class="logout-button"/>
</form>
</body>
</html>
And this is checkadmin.php:
<?php
session_start();
if ($_SESSION['username'] !== 'admin') {
// Redirect to panel page or display an error message
echo"zdfsdgfdsfd";
header("Location: panel.php");
exit();
} else {
header("Location: coworkersmain.php");
exit();
}
?>
答案1
得分: 2
- 在
<a>元素上不存在action属性。 - 即使存在,并且它的功能与您认为的一样,
checkadmin.php在功能上是无用的,因为没有阻止任何人直接访问coworkersmain.php。您需要将访问控制放在您实际尝试控制访问的脚本内部。
例如,在coworkersmain.php 的顶部仅使用:
session_start();
if ($_SESSION['username'] !== 'admin') {
header("Location: panel.php");
exit();
}
请记住,用户控制浏览器,您发送给浏览器的任何内容,无论是 HTML 还是 JavaScript,都可以被用户阅读、修改或完全忽略。
如果要强制执行访问控制,它必须在服务器端执行。
英文:
- There is no such thing as an
actionattribute on an<a>element. - Even if there was and it functioned like you think it would,
checkadmin.phpis functionally useless as there is nothing stopping anyone from simply going directly tocoworkersmain.php. You need to put the access control inside the script you're actually trying to control access to.
Eg, at the top of coworkersmain.php use only:
session_start();
if ($_SESSION['username'] !== 'admin') {
header("Location: panel.php");
exit();
}
Remember that the user controls the browser, and anything that you send to it, either HTML or Javascript, can be read, modified, or ignored entirely by the user.
If you want to enforce access control it must be server-side.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论