Backend DevelopmentPHP TutorialDetailed introduction to handling illegal access in PHP (picture)
前言
在浏览器输入一个网址链接,来定位一个资源是互联网工作的基础,但是为了网站安全性考虑,对网站进行非法访问是非常的有必要的。今天就来总结一下常用的禁止非法访问的一些实现方式。
Session 方式
大部分网站都会有登陆这么个功能,而基于此功能的一个很重要的模块就是“身份验证”,当然了和OAuth等专业的认证是没法比的啦。这里就是简单的对于用户登陆成功后的一个认证。尤其是在跨页处理一些事务的时候,Session的作用就会更加的明显了,今天就借助于Session来实现一个禁止非法访问的功能。
原理比较简单,用到了两个php文件,index.php的作用是模拟用户登录,然后再session中写入“身份”, 然后再访问该网站其他的页面的时候就会带着这个身份验证进行登录。
index.php模拟身份验证
<?phpsession_start();$_SESSION['name']='郭璞';echo "Hello ".$_SESSION['name'];
目标资源页session.php
<?phpsession_start();$name = $_SESSION['name'];if(!$name) {
echo "403 Forbidden!请您先登录,然后在查看相关的信息!";
die('//-^-\\');
}else{
echo "认证通过了!";
}效果演示
没有身份标记时提示相关信息
模拟验证
模拟验证通过后访问资源页面
URL判断法
我个人觉得,根据URL方式来处理的一个比较好的方法是通过路由设置,通过一个路由大总管,处理一切外部请求,想来效果一定会是不错的吧。
下面介绍一下一个简易版的实现,功能就是防外链处理。核心就是通过Referer来实现。这点比较简单,做过爬虫的一下子就会明白了,就不多说哦。
源文件
<?php$targeturl = "http://localhost/phpstorm/Test/index.php";if($_SERVER['HTTP_REFERER']!=$targeturl) {
//header("Location:".$targeturl); exit;
echo "本站防外链哦,请到 <br />
<a href='index.php'>点我访问资源页!!!</a>
<br />访问我们的资源哦!";
}else{
echo "可以正常的访问资源页面了!";
}涉及到的index.php文件简单的设置一个超链接即可,作用就是为资源也添加上一个Referer,来保证资源只能在本站访问的效果。
index.php文件内容
<?php echo "首页哦!"; echo "<h1 id="a-nbsp-href-url-php-点我访问资源页-a"><a href='url.php'>点我访问资源页!!!</a></h1>";
演示效果
大致可以通过这种方式实现防止外链的效果,但是如果使用这种方式,维护起来还是比较麻烦的。
总结
简单来回顾一下,在PHP中实现禁止非法访问看起来还是比较容易的,但是实际上这里面的学问还有很多很多,这里演示的不过是冰山一角上那头牛身上的一根微不足道的牛毛罢了。
从实用性的角度而言,各有各的好处,只能说各有利弊吧,不能说那一种更好,只能说哪一种更加适合。
通过添加身份标记的话比较轻便,也更加容易维护;通过URL路由控制的话维护起来比较麻烦,但是灵活性可能会有比较好的效果。
怎么说呢,具体情况具体分析吧。
The above is the detailed content of Detailed introduction to handling illegal access in PHP (picture). For more information, please follow other related articles on the PHP Chinese website!
Optimize PHP Code: Reducing Memory Usage & Execution TimeMay 10, 2025 am 12:04 AMTooptimizePHPcodeforreducedmemoryusageandexecutiontime,followthesesteps:1)Usereferencesinsteadofcopyinglargedatastructurestoreducememoryconsumption.2)LeveragePHP'sbuilt-infunctionslikearray_mapforfasterexecution.3)Implementcachingmechanisms,suchasAPC
PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AMPHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct
How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AMThe best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.
Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AMCustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr
Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AMSending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.
What is the best way to send an email using PHP?May 08, 2025 am 12:21 AMThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu
Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AMThe reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.
PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AMPHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Atom editor mac version download
The most popular open source editor
SublimeText3 English version
Recommended: Win version, supports code prompts!
Notepad++7.3.1
Easy-to-use and free code editor
