douxuanpa8298 2013-06-29 20:14
Views: 147
Accepted

PHP user login failure handling

On each page in an application I have a check to see whether a user is logged in. I recently realized my script was not structured well and made some changes. I am wondering if this new method implements the correct order of operations for a user that is not logged in.

<?php
ob_start();       // buffer output so header() below cannot fail on already-sent output
session_start();

// isset() avoids an "undefined index" notice on a fresh session
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
    $_SESSION['messages'][] = '<li>User Not Logged In</li>';
    session_write_close();   // persist the message before redirecting
    ob_end_clean();          // discard anything buffered so far
    header('Location: login.php');
    exit;
}
else {
    // execute page
}
?>

Prior to this script, the ob_start() call was below the login check section and therefore was causing redirect issues given that session_start() produces its own headers.

I am also interested in knowing whether the script provides adequate security for a login check.


2 answers


  • dtkago3208 2013-06-29 20:27

    This part of the code is complete and secure, but you have to mention a few things: for more security you need to regenerate the session ID with session_regenerate_id after putting valuable data, like 'loggedin', in the session.

    And I think it is better to put the IF part in a function and omit the else; it helps your code be simpler. Also, you can remove the following lines:

    session_write_close();
    ob_end_clean();
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
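The accepted answer's two suggestions put together, as an added example that is not the asker's or the answerer's code: the check lives in a function with no else branch, and the session ID is regenerated once the user is authenticated. It assumes the same `login.php` page and `$_SESSION['loggedin']` flag as the question; `markLoggedIn()` and `requireLogin()` are names chosen here.

```php
<?php
// Added example: login check as a function plus session-ID regeneration.
// Assumes login.php and a $_SESSION['loggedin'] flag, as in the question.

declare(strict_types=1);

session_start();

// Call this once the credentials have been verified (verification itself
// is out of scope here). Regenerating the ID means a session ID handed
// out before authentication cannot be reused afterwards (session fixation);
// passing true discards the old session data instead of copying it.
function markLoggedIn(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    $_SESSION['user_id']  = $userId;
}

// Call at the top of every protected page. No else branch is needed:
// the function only returns for an authenticated user.
function requireLogin(string $loginPage = 'login.php'): void
{
    // isset() avoids an "undefined index" notice on a fresh session.
    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
        return;
    }

    $_SESSION['messages'][] = '<li>User Not Logged In</li>';

    // header() only fails if *output* (not other headers) has already been
    // sent, so an ob_start() wrapper is not required; check explicitly
    // instead of relying on a buffer to hide the problem.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Cannot redirect: output began at $file:$line");
    }

    header('Location: ' . $loginPage);
    exit; // never fall through into the page for an anonymous user
}

requireLogin();
// execute page
```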