在重定向系统中混淆此 cookie

2021-12-21 00:00:00 cookies php

我在 PHP 工作.我想在登录后将页面重定向到我想访问的最后一个页面,但 5 小时后我仍然在这里堆栈,但我仍然没有成功.这是架构,我有 3 个 php 文件.

I work in PHP. I want to redirect page after login to the last page that i want to visit, but I'm still stack at here in 5 hours and I still don't make it yet. This is the schema, I have 3 php file.

newest.php (before login), 
signin.php (before login), 
thread.php (after login). 

我正在使用 cookie 进行此重定向.首先我去了newest.php,然后我点击了按钮(去thread.php).然后thread.php看到你还没有登录,然后重定向到signin.php.在我填写登录表单后,我点击了提交按钮(signin.php),然后我在 signin.php 堆栈(不去任何地方)即使我已经登录,它应该去 thread.php自动.

I'm using cookies for this redirecting. First i went to the newest.php, then i clicked the button (go to thread.php). Then thread.php saw that you haven't loggin yet, then redirected to signin.php. After i fill the signin form then, i clicked the submit button (the signin.php), then I'm stack at signin.php (not going anywhere) even after I've loggin in, it should be go to thread.php automatically.

这是我在 newest.php 中的代码 &thread.php(不在 signin.php 中):

this is my code in newest.php & thread.php (not in signin.php):

$coopage='coopage';
$current_page='http://'.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI];
setcookie($coopage, $current_page,time()+86400,'/');

newest.php 中的提交按钮(它转到 thread.php):

submit button in newest.php (it goes to thread.php):

echo "<center><button onclick="window.location='/thread/form'">add new thread</button></center>"; 

在 signin.php 中(在我点击提交按钮或在提交区域后,因为表单和提交后我在同一页面中)(在页面底部):

in signin.php (after i clicked the submit button or in submit area, because form and after submit i made in the same page) (in the bottom of the page):

if(isset($_COOKIE[$coopage])){
    $url=$_COOKIE[$coopage];
    unset($_COOKIE[$coopage]);
    header('location:'.$url);
}

注意:在 signin.php 中,我在这个 cookie 之前还有另一个 cookie 设置,这是造成这个的原因吗?或者我在一页中设置了 2 个 cookie 有关系吗?另一个cookie设置是这样的(在页面顶部)

note: in signin.php i also have another cookie setup before this cookie, is that the cause of this? or does it matter if i have 2 cookies setup in one page? Another cookie setup is like this (at the top of the page)

$cooval2='juna';
setcookie($coousername, $cooval2, time() + (3600 * 24 * 365), "/"); // 1 year

推荐答案

我根本不会使用 cookie.

I would not use cookies at all.

方法一

一种可能的方法是将访问的链接存储到会话变量中,然后当用户到达 login.php 页面时,提供一个重定向到会话变量给定的 $url 的标头.

A possible way could be to store the link visited into a session variable and then when the user reaches the login.php page, provide a header redirect to $url given by the session variable.

将此代码粘贴到您网站或主容器上的所有页面中.

Paste this code into all your pages on your website or the main container.

<?php
session_start(); 
$_SESSION['url'] = $_SERVER['REQUEST_URI']; 

对于登录页面,您可以:

For the login page you can have:

<?php
session_start();  // needed for sessions.
if(isset($_SESSION['url'])) 
   $url = $_SESSION['url']; // holds url for last page visited.
else 
   $url = "student_account.php"; 

header("Location: http://example.com/$url"); 

方法二

到目前为止,一个更简单的解决方案就是拥有:

A simpler solution by far is simply to have:

<hidden name="redirurl" value="<? echo $_SERVER['HTTP_REFERER']; ?>" />

然后在他们登录后重定向到该地址.

Then redirect to that address once they log in.

但是,这只有在每个页面上都有一个登录框时才有用.

However, this is only good if you have a login box on every page.

$_SERVER['REQUEST_URI'] 只会保存当前页面.你想要做的是使用 $_SERVER['HTTP_REFERER'].因此,将 HTTP_REFERER 保存在表单的隐藏元素中,但还要注意,在处理表单的 PHP 中,如果登录失败,您将需要一些逻辑来重定向回登录页面,但还要检查引用者是否实际上是您的网站,如果不是,则重定向回主页.

$_SERVER['REQUEST_URI'] will simply hold the current page. What you want to do is use $_SERVER['HTTP_REFERER']. So save the HTTP_REFERER in a hidden element on your form, but also take note on that in the PHP that processes the form you will need some logic that redirects back to the login page if login fails but also to check that the referer is actually your website, if it isn't, then redirect back to the homepage.

方法三

另一种常见的方法是通过 $_GET 变量将用户的当前页面传递到登录表单.

Another common way to do this is to pass the user's current page to the Login form via a $_GET variable.

更改您的脚本,以便让登录页面记住您的位置:

change your script so that is also tells the login page to remember where you are:

注意:$_SERVER['REQUEST_URI'] 是您当前的页面

Note: $_SERVER['REQUEST_URI'] is your current page

header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));

现在检查它是否已填充,然后将用户发送到:登录.php

Now check if it is populated, then send the user to this: login.php

echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
    echo htmlspecialchars($_GET['location']);
}
echo '" />';
//  Will show something like this:
//  <input type="hidden" name="location" value="previousPage.php" />

登录检查.php

session_start();

//  our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
    $redirect = $_POST['location'];
}

if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
    $url = 'login.php?p=1';
    // if we have a redirect URL, pass it back to login.php so we don't forget it
    if(isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
   header("Location: " . $url);
   exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
    $url = 'login.php?p=2';
    if(isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
   header("Location:" . $url);
   exit();
}
elseif(isset($_SESSION['id_login'])) {
    // if login is successful and there is a redirect address, send the user directly there
    if($redirect)) {
        header("Location:". $redirect);
    } else {
        header("Location:login.php?p=3");
    }
    exit();
}

相关文章