对于一些 Web 开发实践,我决定创建一个类似于 Dropbox 的站点,用户可以在其中使用用户名和密码登录,并且假设组合正确,可以访问文件上传器界面以及检索文件的方法。我有一些有用的东西,但我遇到了一个问题。一旦用户提交了他们的用户名和密码,页面就会使用新的 php 代码重新加载(这很好),但是,URL 会稍微更改为显示用户名和密码的位置。有人能告诉我如何防止这种情况发生吗?
这是 index.php 文件:
<?php
function checkCredentials()
{
if($_GET && $_GET["username"]=="kwaugh" && $_GET["password"]=="password")
{
?>
<html>
<head>
<title>File Storage</title>
<style>
body{font-size:.85em ;font-family:Arial;}
</style>
</head>
<body>
<center>
<br>Please select the file that you would like to upload:<br><br>
<form method="post" enctype="multipart/form-data">
<input type="file" name="filename"/>
<input type="submit" value="Upload" />
</form>
</center>
</body>
</html>
<?php
if ($_FILES)
{
$name = $_FILES['filename']['name'];
move_uploaded_file($_FILES['filename']['tmp_name'], $name);
if(file_exists($name))
{
?>
<html>
<body>
<div style="color:red; font-size:2em; font-family:Arial">
<center>The file has been successfully uploaded <br />Click <a href="getFiles.php">here</a> to go to your uploaded files</center>
</div>
</body>
</html>
<?php
}
else
{
?>
<html>
<body>
<div style="color:red; font-size:2em; font-family:Arial">
<center>Well crap, something went wrong. The file could not be uploaded :'( </center>
</div>
</body>
</html>
<?php
}
}
die();
}
elseif($_GET && $_GET["username"]!=="kwaugh" || $_GET && $_GET["password"]!=="password")
{
?>
<script>
alert("You have entered an incorrect username/password combination");
</script>
<?php
}
}
checkCredentials();
?>
<html>
<head>
<title>File Storage</title>
</head>
<body> <br /><br />
<center>
<img src="elephant.jpg">
<form name="credentials">
Please enter your username and password to upload files: <br />
Username: <input type="text" name="username"><br />
Password: <input type="password" name="password"><br />
<input type="submit" value="Submit" >
</form>
<br />Or click <a href="getFiles.php">here</a> to access stored files.
</center>
</body>
</html>