
How does a server-side page decide whether a request to a page is authorized?

It's the normal case: a user inputs a username and password, and after that the entire system can be accessed. Suppose I have a page a.php (or ASP); how can I restrict it so that only users who have been authorized can view a.php, and other users who type http://host/a.php in the browser get an error?

And furthermore, is it done through a cookie? If you can explain the details under the hood I would appreciate it more :)


This is a somewhat lengthy topic and needs too much explanation to fit in this space. I'd advise you to go through the following beginner-level tutorials on how to create a login system with PHP. You will then understand what happens under the hood:

  1. PHP Simple Login Script Tutorial – Very detailed guide to creating a PHP and MySQL login system.
  2. Creating a Secure PHP Login Script – How to create a secure PHP login script that will allow safe authentication.
  3. Developing a Login System with PHP and MySQL – Another great PHP and MySQL login tutorial.
  4. Login – Logout with a Session in 1 file – Write PHP code for login and logout in one file.
  5. Creating a file based login system – PHP login system without a MySQL database.
  6. Login system – Learn to create a PHP and MySQL login system by using a cookie.
  7. PHP Log In Script – video tutorial – Video tutorial on how to create a PHP and MySQL login system.


It can be done with Cookies but most PHP sites use Sessions.

See for detailed information: http://www.php.net/manual/en/session.examples.basic.php

The steps involved:

1.) Create a sign-in page that checks for a valid username and password, then saves a key value to a session variable that references the user table.

signin.php (pseudo-code)

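session_start();

// check_credentials() is a placeholder for your own username/password lookup
// (form field names assumed). It returns the user's GUID from the database,
// or null if the username or password is wrong.
$userkey = check_credentials($_POST['username'] ?? '', $_POST['password'] ?? '');

if ($userkey !== null)
{
  $_SESSION['userkey'] = $userkey; // GUID from database
}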

2.) Create a PHP page that has the session variable and checks if the variable is set.

signincheck.php (pseudo-code)

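session_start();
$is_signed_in = false;

if (isset($_SESSION['userkey']))
{
    // is_valid_userkey() is a placeholder: confirm the key still exists in the user table
    if (is_valid_userkey($_SESSION['userkey']))
    {
        $is_signed_in = true;
    }
}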

3.) Require that page in each of your pages that needs to be for registered users only.

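require('signincheck.php');

if ($is_signed_in === true)
{
  // allow access to page: output the protected content here
}
else
{
  // header redirect to some other page, e.g. the sign-in page
  header('Location: signin.php');
  exit; // stop the script so the protected content is never sent
}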
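
To show what happens under the hood when a session is used, here is an added example (not part of the original answers, and written in Python rather than PHP so that the browser and server sides both run offline). It is a minimal model of the mechanism that `session_start()` provides: the cookie carries only a random session ID and the user data stays on the server. The cookie name `SID`, the handler, and the sample account are constructed for the demonstration.

```python
import secrets

SESSIONS = {}                       # server-side store: session ID -> session data
USERS = {"alice": "correct horse"}  # constructed account; real systems store a password hash

def handle(path, cookies, form=None):
    """Process one request and return (status, headers, body)."""
    sid = cookies.get("SID")
    session = SESSIONS.get(sid)     # a missing or forged ID resolves to None
    if path == "/signin.php":
        form = form or {}
        user, pw = form.get("username"), form.get("password", "")
        if user in USERS and secrets.compare_digest(USERS[user].encode(), pw.encode()):
            SESSIONS.pop(sid, None)              # discard any pre-login session
            new_sid = secrets.token_urlsafe(32)  # unguessable ID issued at login
            SESSIONS[new_sid] = {"userkey": user}
            cookie = f"SID={new_sid}; HttpOnly; Secure; SameSite=Lax"
            return 302, {"Set-Cookie": cookie, "Location": "/a.php"}, ""
        return 401, {}, "bad credentials"
    if path == "/a.php":
        if session is None or "userkey" not in session:
            # Not signed in: redirect and return, so no page body is sent.
            return 302, {"Location": "/signin.php"}, ""
        return 200, {}, f"hello {session['userkey']}"
    return 404, {}, ""

def cookie_from(headers):
    """What the browser does: keep the name=value pair from Set-Cookie."""
    name, value = headers["Set-Cookie"].split(";")[0].split("=", 1)
    return {name: value}

def demo():
    anonymous = handle("/a.php", {})                    # typed the URL, no cookie
    forged = handle("/a.php", {"SID": "guessed-value"})  # cookie the server never issued
    login = handle("/signin.php", {}, {"username": "alice", "password": "correct horse"})
    jar = cookie_from(login[1])
    authorised = handle("/a.php", jar)                  # cookie sent back automatically
    return anonymous[0], forged[0], login[0], authorised[0], authorised[2]

if __name__ == "__main__":
    print(demo())
```

The server trusts the cookie only because the ID it carries matches an entry the server created itself at sign-in; the username never travels in the cookie.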