duancuan7057 2013-03-31 17:00
浏览 59

会话保护3 [重复]

This question is an exact duplicate of:

I am creating a webpage bit by bit, testing parts of the webpage ideas. I want to learn how to session protect a page. I have already password protected a page seccsesfully, but anybody can access the page by typing in the url. i want to session protect my page so no one can do that. i have three pages: index.html, which has the form which sends the the password.php, the password.php, which makes sure that the password and username are correct using "if statments"(here is the "if statment")

    if ($username == 'mgmb99'){
    if ($password == 'mgmb91mas'){
    header('Location: youhere.php');
    } else {
    echo 'your username or password is wrong.<a href="http://www.passwordtest.comze.com"> go back to login page </a>';
    }} else {
    echo 'your username or password is wrong.<a href="http://www.passwordtest.comze.com"> go back to login page </a>';
    };

, and the youhere.php which is the page once you logged in.

</div>
  • 写回答

2条回答 默认 最新

  • dongqian6554 2013-03-31 17:12
    关注

    there are lots of good examples online. But Session limiting (and database for that matter) are best with salt keys or hashes.

    So basically you take an id/username and a random piece of text and (for example) hash it with sha1.

    sha1($[your username].'completely random piece of text')

    This will give you a 40 character string which you can reproduce if you have the username and the random text. So:

    if($SESSION['id'] == sha1($[your username].'completely random piece of text')) { // now you know that the username is correct }

    Thats basically it. It does have some more tricks offcourse. But never put anything in the session that could make sence to anyone. So just use public Id's (not user ID's) in the session as well as hashed data.

    An example for a simple SESSION is here (did not check it, but its nice to start with): http://www.webdesign.org/web-programming/php/password-protect.11092.html

    Goodluck!

    评论

报告相同问题?

  • PHP标头/会话问题[重复] php
    2013-11-23 02:42
    回答 1 已采纳 As the error message tells you, there is already an output before the call of session_start. Becau
  • 如何阻止阻止重复输入PHP会话 ajax php
    2016-08-12 21:58
    回答 1 已采纳 Your whole approach seems crazy, since you can store associative arrays in a session variable. You
  • 如何保护登录会话 mysql php
    2016-11-10 01:28
    回答 1 已采纳 The only piece of the session that the user has in their browser is the Session ID in the cookie.
  • 会话管理 轻量php框架_PHP: 会话管理基础 - Manual
    2020-12-24 11:07
    南洋浪客的博客 你需要采取额外的手段来保护会话中的机密信息,至于采取何种方式来保护机密信息,取决于你在会话中存储的数据的机密程度。评估会话中存储的数据的重要性,以及为此增加额外的保护机制,通常需要付出一定的代价,同时...
  • PHP:在TYPO3扩展中实例化前端用户会话 php
    2018-01-14 22:04
    回答 1 已采纳 Maybe this is an option, like done in the extension femanager: https://github.com/in2code-de/feman
  • PHP会话变量请求时间 php
    2019-03-07 11:29
    回答 1 已采纳 Unless you do these session read/write operations millions of times (e.g. in a loop) you shouldn't
  • PHP会话不更新变量 php
    2018-08-17 09:28
    回答 2 已采纳 session_start() must be the second thing on your page after <?php. HTML tags must be placed aft
  • php表单提交判断重复数据库,php – 防止重复的表单提交
    2021-04-23 21:29
    weixin_35980160的博客 我想出了一种防止重复提交表单的技术,方法是返回/转发或刷新页面.而且我也想过这里,我已经测试了一个不在生产环境中的样品,你能识别出什么缺陷?请注意,我很清楚使用表单令牌,这将保护您免受CSRF攻击,并没有在以下...
  • PHP LDAP会话持久性 php
    2019-02-04 15:31
    回答 1 已采纳 The problem is not about LDAP, the problem is about HTTP. HTTP is a stateless protocol whereas LD
  • PHP会话干扰子域会话 php
    2017-11-21 17:01
    回答 1 已采纳 Since they share the same domain, they are the same site and share a session. You can manually ov
  • PHP会话 - 几个问题 php
    2017-02-22 09:59
    回答 3 已采纳 No, the session garbage collection is managed by the system, based on the session.gc_maxlifetime
  • PHP学习线路图
    2018-09-19 19:33
    hixiaoyang的博客 PHP学习线路图 PHP教程 ...PHP教程 ...PHP简介 ...PHP环境设置 ...PHP语法概述 ...PHP变量类型 ...PHP常量类型 ...PHP运算符类型 ...PHP 条件语句 ...PHP循环语句 ...PHP会话 PHP发送电子邮件 PHP文件上传 P...
  • 会话变量间歇性PHP html php
    2018-01-19 20:45
    回答 1 已采纳 SOLVED: In my navigation bar I was using a full URL instead of a relative link, this was causing
  • PHP简介:设置 PHP 环境
    2024-02-18 05:15
    新华的博客 设置 PHP 环境是运行动态 Web 应用程序的关键过程。它涉及选择和安装 Web 服务器,例如 Apache 和 PHP。配置步骤包括在 Web 服务器设置中启用 PHP 模块,以及通过相关扩展与 MySQL 等数据库建立连接。微调 php.ini ...
  • php.ini配置中文详解
    2023-03-17 11:10
    二零久八的博客 此指令描述了PHP注册GET, POST, Cookie, 环境 和 内置变量的顺序 (各自使用G, P, C, E 和 S , 一般使用 EGPCS 或 GPC). 注册使用从左往右的顺序, 新的值会覆盖旧的值.mysqli_connect()默认的端口号. 如果没有设置, ...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程
  • ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
  • ¥15 关于smbclient 库的使用