0

好的。我有一个名为plans.php 的页面,里面有三个链接(Plan 1、Plan 2、Plan 3)。每个链接都有自己的页面,并重定向到登录页面(login.php,工作正常)。因此,如果用户在单击“计划 2”时未登录,它将强制用户登录,以便他们可以看到所需的页面,这完全取决于用户选择的“计划”。

问题:我很难将用户重定向回“所需的计划(URL)”。

解决方案:如果用户选择“计划 1 或计划 2(无论计划)”,那么它将强制用户登录(我的工作正常),用户成功登录后,用户必须被重定向到各自的“计划页面” .

如果有人熟悉这个问题,请帮助。

计划.php

<a href="plan-1.php">Plan 1</a>
<a href="plan-2.php">Plan 2</a>
<a href="plan-3.php">Plan 3</a>

计划-2.php

<?php
 ob_start();
   include "header.php";

   if(!$current_user) { 
     require_login();
    }
 ob_end_flush();
?>

HTML 代码:用户在登录页面后将看到的内容。

<p>Hello, you have been redirected to "Plan 2"</p>

登录.php

<?php 
  ob_start();
    include "header.php";
    if($current_user) { 
       req_logout(); }
  ob_end_flush();
?>

HTML 代码:

 <form action="authenticate.php" method="POST">
  <label for="email">Email</label><br/>
  <input type"text" class="input" name="username" id="username" />
  <label for="password">Password</label><br/>
  <input name="password" type="password" class="input" id="password"/>
  <input type="submit" value="Sign In" class="submit"/>
 </form>

此文件验证登录表单提交到的用户凭据。

认证.php

<?php
  session_start();
  require_once "db.php";
  db_connect();
  require_once "auth.php";

  $user_id = credentials_valid($_POST['username'], $_POST['password']); 
     if($user_id){
      log_in($user_id);

    if($_SESSION['redirect_to']){
          header("Location: " . $_SESSION['redirect_to']);
          unset($_SESSION['redirect_to']);

        }else{
         // Default page after user logs in.
          header("Location: manage.php");
    }
    }else{
       header("Location: login.php?error=1");
       exit("You are being redirected");
    }
?>

我在这个文件中有一些 PHP 函数。

授权文件

// Logs into the user $user
function log_in($user_id){
$_SESSION['user_id'] = $user_id;
}


// Returns the currently logged in user (if any)
function current_user(){
static $current_user;
if(!$current_user){
    if($_SESSION['user_id']){
        $user_id = intval($_SESSION['user_id']);
        $query = "SELECT *
                  FROM `********`
                  WHERE `id` = $user_id";

        $result = mysql_query($query);
        if(mysql_num_rows($result)){
            $current_user = mysql_fetch_assoc($result);
            return $current_user;
        }
    }
}
 return $current_user;   
}

// Requires a current user (Restrict Access to Page)
function require_login(){
if(!$current_user){
       $_SESSION['redirect_to'] = $_SERVER['REQUEST_URI'];
        header('Location: signin.php');
    exit("You must log in.");
}
}
4

2 回答 2

0

Try to send a parameter when a user clicks on a plan link. Pass or save the parameter and after successful login, use that parameter to redirect to the proper page.

in plan-2.php

session_start();
$_SESSION['redirect_to']="plan-2.php";

EDIT: Here is complete solution using parameter sending via GET and POST (as I have been asked for):

plans.php

<a href="plan.php?no=3">Plan 1</a>
<a href="plan.php?no=3">Plan 2</a>
<a href="plan.php?no=3">Plan 3</a>

plan.php

<?php
 ob_start();
   $getbackURLid=$_GET['no'];
   include "header.php";

   if(!$current_user) { 
     require_login($getbackURLid);
    }
 ob_end_flush();
?>

signin.php

<?php 
  ob_start();
    include "header.php";
    if($current_user) { 
       req_logout(); }
  ob_end_flush();
?>

HTML code:

 <form action="authenticate.php" method="POST">
  <label for="email">Email</label><br/>
  <input type"text" class="input" name="username" id="username" />
  <label for="password">Password</label><br/>
  <input name="password" type="password" class="input" id="password"/>
  <input type"hidden" name="url" value="<?php echo $_GET['url'];?>" />
  <input type="submit" value="Sign In" class="submit"/>
 </form>

authenticate.php

<?php
  session_start();
  require_once "db.php";
  db_connect();
  require_once "auth.php";

  $user_id = credentials_valid($_POST['username'], $_POST['password']); 
     if($user_id){
      log_in($user_id);

    if($_POST['url']){
          header("Location: plan.php?no=".$_POST['url']);
          unset($_SESSION['redirect_to']);

        }else{
         // Default page after user logs in.
          header("Location: manage.php");
    }
    }else{
       header("Location: login.php?error=1");
       exit("You are being redirected");
    }
?>

auth.php

// Logs into the user $user
function log_in($user_id){
$_SESSION['user_id'] = $user_id;
}


// Returns the currently logged in user (if any)
function current_user(){
static $current_user;
if(!$current_user){
    if($_SESSION['user_id']){
        $user_id = intval($_SESSION['user_id']);
        $query = "SELECT *
                  FROM `********`
                  WHERE `id` = $user_id";

        $result = mysql_query($query);
        if(mysql_num_rows($result)){
            $current_user = mysql_fetch_assoc($result);
            return $current_user;
        }
    }
}
 return $current_user;   
}

// Requires a current user (Restrict Access to Page)
function require_login($getbackURLid){
if(!$current_user){
       $_SESSION['redirect_to'] = $_SERVER['REQUEST_URI'];
        header('Location: signin.php?url=$getbackURLid');
    exit("You must log in.");
}
}
于 2013-05-10T02:44:42.910 回答
0

由于一些流行的浏览器(如 Chrome)缓存服务器重定向响应,如果您执行服务器重定向,请求的页面将始终重定向到与浏览器遇到的第一个重定向相同的页面。

为了解决这个问题,您的验证 PHP 页面应该包含以下重定向:

<?php

    function curPageURL() {
        $pageURL = 'http';
        if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
        $pageURL .= "://";
        if ($_SERVER["SERVER_PORT"] != "80") {
            $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
        } else {
            $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
        }
        return $pageURL;
    }

    // Check if the session's user is logged in properly
    $redirect = "";
    if (!$_SESSION['current_user']) {
        $target_page= "http://www.myserver.com/login?sender=" + urlencode(curPageURL());

        echo "<html>";
        echo "  <head>";
        echo "    <script>";
        echo "      window.location = '", $target_page, "';";
        echo "    </script>";
        echo "  </head>";
        echo "  <body></body>";
        echo "</html>"
    } else {
?>

<html>
  <head>
  </head>
  <body>
    <!-- put your page html here -->
  </body>
</html>

<?php
    }
?>

请注意,我不是 PHP 开发人员,我的代码可能包含语法错误,必须正确修改。

所以...是的,代码可能看起来有点糟糕,但要记住的重要一点是不要使用 http 响应重定向。我尝试了所有可能的方法来禁用响应缓存,但 chrome 根本不在乎。我发现唯一安全的方法是使用 javascript 进行重定向。我没有尝试 META http-equiv="refresh" 方式。我想这也很安全,因为我们经常看到。

要记住的另一件事是,如果用户未登录,请避免呈现您的敏感页面内容。

考虑到这一点,你应该很高兴。

希望能帮助到你!

于 2015-04-27T20:23:46.337 回答