如果未登录,则将网页设为100%私密[关闭]

几个星期前,我想创建一个应用程序,因为我现在提出了一个好主意,首先我想要 在网页上实现它,有几种方法可以很好地创建网页。</ p>

第一种可能的方法是在本地创建并设置服务器。 然后你就可以在那里安装PHP等...你可以在脱机时基本开发它。</ p>

第二种方法是找到一个好的托管并开始在托管上创建网页,通常所有 那些托管服务有php mysql和所有这些东西预装,所以你可以在一秒钟开始</ p>

我不希望任何人在我发布它之前看到我做什么,我也没有人看到它 并且可能会窃取或创建与我正在做的相同的事情</ p>

创建网页的第一种方式可能更安全,因为您不与其他任何人共享所有源代码,但是,如果我想使用 使用Hosting的方式,我怎样才能确保没有人可以闯入? 更确切地说:</ p>

我写了每个php文件的开头,如果!isset($ _ SESSION ['user'])不存在那么header(location:index。 php),现在你可能问我为什么? 因为我创建了一个登录表单,你必须登录,现在注册不起作用所以我只是在数据库中创建一个帐户,这样安全吗? 我的目标是没有人可以访问我写的phpfiles而没有登录,甚至认为他们在托管,没有记录你不能打开它们,只有index.php包含类似的东西:你好,请登录继续, 这样安全吗? 是不是很安全,所以我可以在那个php页面上写我的卡片cerdentials? 有人只是模拟一个SESSION而没有真正登录? 并打开那些网页甚至认为如果没有设置会话名称有条件然后重定向index.php? 谢谢,有什么风险? 我应该换到本地开发吗?</ strong> </ p>
</ div>

展开原文

原文

i few weeks ago i wanted to create an app because i came up with a good idea now , firstly i want to implement it on webpage and , there are several ways how to create a webpage well.

The first possible way is to create it locally and set up a server. Then you can install MySQL there PHP etc... you can basicaly develope it while being OFFLINE.

The second way is to find a good hosting and start creating the webpage on hosting , usually all those hosting services have php mysql and all this stuff preinstalled so you can start in a second

i dont want anyone to see what i do before i release it , i also dont anyone to see it and maybe steal or create the same thing as i am doing

The first way of creating webpages is probably safer because you dont share all the source codes with anyone else but , if i want to use the way of doing it using Hosting , how can i make sure that noone can break into that? To be more exact:

i wrote onto the beggining of every php file that if the !isset($_SESSION['user']) doesn't exist then header(location: index.php) , now you probably ask me why? because i created a login form in which you have to login , now registration doesn't work so i just created an account right in the database so is THIS safe? my goal is that noone can access the phpfiles i have written without logging in , even thought they are on hosting , without logging you shouldnot be able to open them , only the index.php which contains something like : Hello , please login to continue , is this way safe ? is it that much safe so i can for example write my card cerdentials on that php page? cant someone just simulate a SESSION without really logging in? and open those webpages even thought there is a condition if session name is not set then redirect index.php ? thanks , what are the risks ? should i swap to local development?

douxiexie3574
douxiexie3574 stackoverflow.com/help/on-topic
大约 4 年之前 回复
dongxing1412
dongxing1412 您可以使用HTACCESS通过IP地址限制对网站的访问
大约 4 年之前 回复

4个回答



你应该在本地开发它而不是为了保护一个你显然不希望任何人看到的在线页面 。</ p>

了解本地Web开发比在线页面实施严格的安全措施要容易得多。</ p>

我个人推荐MAMP。< / p>
</ div>

展开原文

原文

You should really develop it locally instead of going out of your way to secure an online page that you clearly don't want anybody to see.

It's much easier to learn about local web development than to implement harsh security measures for an online page.

I can personally recommend MAMP.



在主机上开发软件可能会有所帮助,省去了如何创建主机的麻烦 自己。</ p>

大多数主机都使用Apache作为Web服务器,所以我建议只在Apache的.htaccess文件中添加一些指令。</ p>

最多 简单的是添加拒绝规则并按IP阻止:</ p>

 拒绝所有
allow from 123.123.123.123
</ code> </ pre>

另一种选择是要求登录。 这是一篇关于这样做的文章: https://wiki.apache.org/httpd/PasswordBasicAuth < / p>

如果您的主机有cPanel,而且有很多,那么从cPanel内部添加密码保护是微不足道的。</ p>

这些都不会影响您的编码 ,或要求任何你可以犯错的东西。 将该权限放在文档根目录中应该很简单,只需在准备启动时删除行即可。</ p>
</ div>

展开原文

原文

Developing the software on the host where it is going to live can be helpful and save you the trouble of figuring out how to create the hosting yourself.

Most hosts use Apache for the web server, and so I would recommend just adding some directives to Apache's .htaccess files.

The most simple is to add deny rules and block by IP:

deny from all
allow from 123.123.123.123

Another option is to require a login. Here's an article on doing that: https://wiki.apache.org/httpd/PasswordBasicAuth

If your host has cPanel, and many do, it is trivial to add password protection from inside of cPanel.

None of these will affect your coding, or require anything that you can make a mistake with. Placing that right in your document root should be easy, and you can simply remove the lines when you're ready to launch.



如果我理解正确,你的魔杖是为你的网站创建一个“维护模式”</ em>吗? / p>

如果是这样,你可以创建一个config.ini文件,如:</ p>

  maintenance_mode = true;在这里使用true或false 
maintenance_access_ip =“ your_ip_here“;使用你的外部IP。 示例:“192.168.0.1”
</ code> </ pre>

并将以下代码放在脚本的顶部:</ p>

   $ configs = parse_ini_file('path / to / config.ini'); 

if(
$ configs ['maintenance_mode']
&amp;&amp; $ _SERVER ['REMOTE_ADDR']!= $ configs ['maintenance_access_ip ']
){
//将您的用户重定向到一个页面,通知您的用户您的服务已关闭
标题('Location:maintenance.php');
die();
}
</ 代码> </ pre>
</ div>

展开原文

原文

If I understand right, what you wand is to create a "maintenance mode" for your site?

If so, you can create a config.ini file like:

maintenance_mode=true ;Use true or false here
maintenance_access_ip="your_ip_here" ;Use your external ip. Example: "192.168.0.1"

And put the following code in the top of your scripts:

$configs = parse_ini_file('path/to/config.ini');

if(
    $configs['maintenance_mode'] 
    && $_SERVER['REMOTE_ADDR'] != $configs['maintenance_access_ip']
){
    //Redirect your user to a page informing your user that your service is down
    header('Location: maintenance.php');
    die();
}

dongzhun4898
dongzhun4898 我想限制对网页的访问,但我需要比登录更复杂的东西
大约 4 年之前 回复



您需要使用您的IP地址验证您的索引页面。 请按照以下代码执行此</ p>

  if($ _ SERVER ['REMOTE_ADDR'] ==“您的IP地址”)
{
//您的索引页代码
} else
{
echo“Not Accessable”;
}
</ code> </ pre>

其他明智的做法是这样的。 将下面的代码放在索引页面顶部</ p>

  if($ _ SERVER ['REMOTE_ADDR']!=“你的IP地址”)
{
//退出或死掉\ n}
</ code> </ pre>
</ div>

展开原文

原文

You need to validate Your Index page with Your IP Address. Follow the below code for this

if($_SERVER['REMOTE_ADDR']=="YOUR IP ADDRESS")
{
    //Your Index Page Code
}else
{
    echo "Not Accessable";
}

other wise do like this. Put below code in top of index page

if($_SERVER['REMOTE_ADDR']!="YOUR IP ADDRESS")
{
    //exit or die
}

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问