php - php阻止用户查看日志

php - php阻止用户查看日志,第1张

<form method = "post" action = "<?php echo $_SERVER['PHP_SELF']; ?>" />
Username:<input type = "text" name ="user"> <br />
Password:<input type = "password" name = "pass"><br />
<input type = "submit" value ="View Logs!"><br />
 <?php
$user = $_POST['user'];
$pass = $_POST['pass'];

//Problem here, I need to only allow the user to see logs 
// after he or she has entered the correct info.
//Currently code just shows all, when the user hits View Logs
// without any credentials
if (($user == "php")  && ($pass == "student"))
echo "Enjoy the Logs!";
else echo  "<b>Access Denied!</b>";
 ?>

最佳答案:

2 个答案:

答案 0 :(得分:1)

问题是您的表单直接发布到log.txt,并且在表单提交后没有处理任何PHP。您需要更改操作以发布到PHP文件本身,然后在检查密码后使用http_redirect将用户重定向到log.txt。

虽然说任何人都可以使用直接URL访问log.txt,但它仍然不会非常安全,所以你需要在那里进行某种授权。最好的办法是将log.txt存储在某些无法通过HTTP访问的地方,然后使用readfile加载并显示该文件来代替您的echo:

<form action="" method="post">
    Username:<input type="text" name="user"/> <br />
    Password:<input type="password" name="pass"/><br />
    <input type="submit" value="View Logs!"/><br />
</form>
 <?php
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    if (($user == "php")  && ($pass == "student")) {
        echo '<pre>';
        readfile('log.txt');
        echo '</pre>';
    }
    else {
        echo  "<b>Access Denied!</b>";
    } 
?>

答案 1 :(得分:0)

<?
  if ( 
    isset( $_POST['user'] )
    && isset( $_POST['pass'] ) 
  ) {
    $user = $_POST['user'];
    $pass = $_POST['pass'];

    if (
        ($user == 'php')
        && ($pass == 'student')
    ) {
      echo "Enjoy the Logs!";

      readfile('log.txt');
    }
    else {
      echo '<b>Access Denied!</b>';
    }
  } else {
    ?>
      <form method="post">
      Username:<input type="text" name="user"> <br />
      Password:<input type="password" name="pass"><br />
      <input type="submit" value="View Logs!"><br />
    <?
  }
本文经用户投稿或网站收集转载,如有侵权请联系本站。

发表评论

0条回复