1. дома
  2. Вопрос и ответ
  3. Dreamweaver CS6 - ограничить доступ к странице

Dreamweaver CS6 - ограничить доступ к странице

2015-02-15 10 views
-1

У меня есть страница index.php (которая имеет аутентификацию пользователя). Успешный логин позволяет перейти на страницу download.php.Dreamweaver CS6 - ограничить доступ к странице

На download.php Я установил поведение сервера-userauthentication-ограничил доступ к странице, чтобы перенаправить на index.php, если доступ запрещен. Но это не работает. Я все равно могу открыть загрузки pagedirectly, предоставив ссылку в браузере ,

Как я могу предотвратить это?

Вот код «downloads.php»:

<?php 
if (!isset($_SESSION)) { 
    session_start(); 
} 
$MM_authorizedUsers = "1"; 
$MM_donotCheckaccess = "true"; 

// *** Restrict Access To Page: Grant or deny access to this page 
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
    // For security, start by assuming the visitor is NOT authorized. 
    $isValid = False; 

    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
    // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
    if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
     $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
     $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
     $isValid = true; 
    } 
    } 
    return $isValid; 
} 

$MM_restrictGoTo = "Index.php"; 
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { 
    $MM_qsChar = "?"; 
    $MM_referrer = $_SERVER['PHP_SELF']; 
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; 
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
    $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; 
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); 
    header("Location: ". $MM_restrictGoTo); 
    exit; 
} 
?> 
<!doctype html> 
<html> 
<head> 
<meta charset="utf-8"> 
<title>Untitled Document</title> 
</head> 
WTF page ... 
<body> 
</body> 
</html>

А вот код файла index.php, который реализован логин:

<?php require_once('Connections/myconn.php'); ?> 
<?php 
if (!function_exists("GetSQLValueString")) { 
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{ 
    if (PHP_VERSION < 6) { 
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; 
    } 

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); 

    switch ($theType) { 
    case "text": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break;  
    case "long": 
    case "int": 
     $theValue = ($theValue != "") ? intval($theValue) : "NULL"; 
     break; 
    case "double": 
     $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; 
     break; 
    case "date": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break; 
    case "defined": 
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; 
     break; 
    } 
    return $theValue; 
} 
} 

mysql_select_db($database_myconn, $myconn); 
$query_Recordset1 = "SELECT * FROM users"; 
$Recordset1 = mysql_query($query_Recordset1, $myconn) or die(mysql_error()); 
$row_Recordset1 = mysql_fetch_assoc($Recordset1); 
$totalRows_Recordset1 = mysql_num_rows($Recordset1); 
$query_Recordset1 = "SELECT * FROM users"; 
$Recordset1 = mysql_query($query_Recordset1, $myconn) or die(mysql_error()); 
$row_Recordset1 = mysql_fetch_assoc($Recordset1); 
$totalRows_Recordset1 = mysql_num_rows($Recordset1); 
?> 
<?php 
// *** Validate request to login to this site. 
if (!isset($_SESSION)) { 
    session_start(); 
} 

$loginFormAction = $_SERVER['PHP_SELF']; 
if (isset($_GET['accesscheck'])) { 
    $_SESSION['PrevUrl'] = $_GET['accesscheck']; 
} 

if (isset($_POST['Username'])) { 
    $loginUsername=$_POST['Username']; 
    $password=$_POST['Password']; 
    $MM_fldUserAuthorization = "ACC_LEVEL"; 
    $MM_redirectLoginSuccess = "downloads.php"; 
    $MM_redirectLoginFailed = "Index.php"; 
    $MM_redirecttoReferrer = false; 
    mysql_select_db($database_myconn, $myconn); 

    $LoginRS__query=sprintf("SELECT `USER`, PASSWORD, ACC_LEVEL FROM users WHERE `USER`=%s AND PASSWORD=%s", 
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

    $LoginRS = mysql_query($LoginRS__query, $myconn) or die(mysql_error()); 
    $loginFoundUser = mysql_num_rows($LoginRS); 
    if ($loginFoundUser) { 

    $loginStrGroup = mysql_result($LoginRS,0,'ACC_LEVEL'); 

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} 
    //declare two session variables and assign them 
    $_SESSION['MM_Username'] = $loginUsername; 
    $_SESSION['MM_UserGroup'] = $loginStrGroup;  

    if (isset($_SESSION['PrevUrl']) && false) { 
     $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
    } 
    header("Location: " . $MM_redirectLoginSuccess); 
    } 
    else { 
    header("Location: ". $MM_redirectLoginFailed); 
    } 
} 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Untitled Document</title> 
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> 
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> 
</head> 
<body> 
<form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="LoginForm" id="LoginForm"> 
<h1><img src="logo.png" width="119" height="124" /></h1> 
<p>&nbsp;</p> 
<table width="380" border="0,5" align="left"> 
    <tr> 
     <td><div align="left"><span id="sprytextfield1"> 
     </span></div>  <span id="sprytextfield1"> 
     <label for="Username"></label> 
     <div align="left">Username : <br /> 
      <input type="text" name="Username" id="Username" /> 
      <span class="textfieldRequiredMsg">A value is required.</span></div> 
     </span></td> 
    </tr> 
    <tr> 
     <td><div align="left"></div></td> 
    </tr> 
    <tr> 
     <td><span id="sprytextfield2"> 
     </span>  <span id="sprytextfield2"> 
     <label for="Password"></label> 
     <div align="left">Password : <br /> 
      <input type="password" name="Password" id="Password" /> 
      <span class="textfieldRequiredMsg">A value is required.</span></div> 
     </span></td> 
    </tr> 
    <tr> 
     <td><div align="left"></div></td> 
    </tr> 
    <tr> 
     <td><div align="left"> 
     <input type="submit" name="LoginButton" id="LoginButton" value="Log in" /> 
     </div></td> 
    </tr> 
    <tr> 
     <td><div align="left"></div></td> 
    </tr> 
    </table> 
</form> 
<script type="text/javascript"> 
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1"); 
var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2"); 
</script> 
</body> 
</html> 
<?php 
mysql_free_result($Recordset1); 
?>

источник

2015-02-15 user763539

+1

где код, который должен препятствовать доступу? – charlietfl

ответ

0

Что я забыл сделать это, чтобы связать страницу downloads.php с моим соединением. Затем он работал нормально.

источник

2015-02-17 03:38:14 user763539

Смежные вопросы

 Смежные вопросы