-3

I have a website I'm building using Parse as the backend and I want to restrict access to particular URLs (technically URIs) to users that don't have administrator access. As of right now, when users try to log in, their password is checked against the hashed password in the server.

However, if I only want administrators to have access to http://mywebsite.com/secret.html and only once they've logged in, how I do that? Right now anyone can just go to that url, authenticated or not.

Edit: This site has no accounts other than the administrator ones. It's supposed to be anonymous.

4

1 回答 1

1

您无法使用 JavaScript 或 HTML 以安全的方式实现此目的,因为它是客户端的。您最好将 PHP 用于这种或其他一些服务器端 Web 语言。

使用 PHP,您可以通过这种方式轻松登录(在您的登录页面上):

if($_POST['username'] == "admin" && $_POST['password'] == "adminpass"){
    $_SESSION['authed'] = true;
}

在您希望保护的所有页面上,在文件顶部使用它:

if(!isset($_SESSION['authed']) || $_SESSION['authed'] != true){
    echo "You are not logged in";
    die(); //Kill the page so the secured content is not viewable
}else{
    echo "You are logged in";
}

// your secured content here
于 2013-02-19T16:25:58.577 回答