您的位置: 首页  >  技术问答  >  通过键入URL阻止直接访问网页

通过键入URL阻止直接访问网页

分类: 技术问答 2022-03-17 22:36:30

通过键入URL阻止直接访问网页

问题描述:

So I'm hosting my website (let's call is abc.com) on goDaddy.

I have a login page (abc.com/login.html).

Which takes me to a second page called booking (abc.com/booking.html) once the login credentials are verified.

So I don't want people to be able to just type abc.com/booking.html and access it. I want them to go to abc.com/login.html and then go to abc.com/booking.html

So I came across 2 ways to fix this -

  1. Include a validating php script in booking.html and changing the extension from html to phtml. -> This didn't work for me
  2. Include a .htacess file. -> I'm not really sure how to do that

所以我在goDaddy上托管我的网站(让我们的电话是 abc.com strong>) 。 p>

我有一个登录页面( abc.com/login.html strong>)。 p>

一旦验证登录凭据,我将进入名为预订的第二页( abc.com/booking.html em>)。 p> \ n

所以我不希望人们只能输入 abc.com/booking.html strong>并访问它。 我希望他们转到 abc.com/login.html strong>,然后转到 abc.com/booking.html strong> p>

所以 我找到了两种方法来解决这个问题 - p>

  1. 在booking.html中包含一个验证php脚本,并将扩展名从html更改为phtml。 - > 这对我不起作用 li>
  2. 包含.htacess文件。 - > 我不确定该怎么做 li> ol> div>

so your login screen should already have session code implemented into it that has a variable that specifies if the user is logged in or not. If you don't have that implemented yet, the code would look similar to:

<?php session_start();//at the very top of the page
?>
//... your own code
//if the user successfully logs in then:
$_SESSION['authenticated']=true;

Then on the booking.php page (it should be php to allow php scripts which is super important for validating if a user is logged in), you would then check if the user did log in. If he did, the rest of the page loads, if he didn't, you would redirect them to login.php:

at the very top of booking.php:

<?php session_start();
if (!isset($_SESSION['authenticated']))
{
    //if the value was not set, you redirect the user to your login page
    header('Location https://www.example.com/login.php');
    exit;
}
else
{
   //if the user did login, then you load the page normally
}

  1. Use $_SESSION or
  2. Pass a variable from login.php to booking.php. And then authenticate every user based on the variable passed using the $_POST method.

eg. 

if (!isset($_POST['auth'])) {
 // redirect user back to login page
} else {
 // successful login
}

You can do it like

rename extensions of all pages where you want this authentification

e.g.

login.html >> login.php
booking.html >> booking.php
booking-suceess.html >> booking-success.php

create one script namely auth.php with following code

<?php
session_start();
if(!isset($_SESSION['username'])){
    header("location:login.php");
}
?>

In login.php add session

$_SESSION['username'] = $_POST['username'];

Now you can add auth.php in any php page where you want login compulsory as follow :

include ('auth.php');

相关推荐