dongyun8891 2012-04-26 17:40
浏览 6
已采纳

闯入SESSION变量

In every PHP file in my project I am using the following code so that nobody can get into the website without logging in:

<?php
    session_start();
    if($_SESSION['userid']!="myuserid"){
        header("Location: Adminlogon.php");
    }
?>

Note that I need only one user id, the user id and password is shared among a group of people.

Is this code safe? Can I do better?

  • 写回答

2条回答 默认 最新

  • dongpo1216 2012-04-26 18:57
    关注

    Your code is not safe, because actually it does not prevent from each script being executed - which is what you actually want to prevent.

    To prevent execution if the session is not set correctly, you need to leave the file, for example with the return statement:

    <?php
        session_start();
        if ($_SESSION['userid'] != "myuserid")
        {
            header("Location: Adminlogon.php");
            return; ### leave this script/include
        }
    ?>
    

    Instead of return you can also use the exit or die statement for rudimentary scripts.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 爬取豆瓣电影相关处理
  • ¥15 手机淘宝抓清除消息接口
  • ¥15 C#无selenium
  • ¥15 LD衰减计算的结果过大
  • ¥15 用机器学习方法帮助保险公司预测哪些是欺诈行为
  • ¥15 计算300m以内的LD衰减
  • ¥15 数据爬取,python
  • ¥15 怎么看 cst中一个面的功率分布图,请说明详细步骤。类似下图
  • ¥15 为什么我的pycharm无法用pyqt6的QtWebEngine
  • ¥15 FOR循环语句显示查询超过300S错误怎么办