PHP unified login authentication: preventing users who are not logged in from reaching site interfaces by typing a link directly
As we know, a filter in PHP simply filters input data. It is not like a filter in Java servlet technology, which intercepts requests for particular URLs according to configuration, so that requests and output can be processed freely and transparently before the request is handled and before the response is sent, and can also be forwarded; that is quite powerful. Most people first learn about Java filters through the character-encoding filter and then use a large number of filters in real projects. Java MVC frameworks also use filters to forward requests and to define all kinds of processing. PHP does not seem to have this. I'm using the ThinkPHP framework, and this framework does not provide it either. I think the problem itself is not difficult, though: I would like a setting, or some place, that every request has to pass through. I wanted to look for one inside ThinkPHP, but other projects were ongoing and I had no time, so I looked on the internet for a solution.
The PHP configuration file php.ini has a setting, auto_prepend_file = "a file". This setting adds the named file in front of every PHP file that runs. The file is usually a PHP file; the one I add is filter.php, which I put in the same directory as php.ini. The contents of filter.php are:
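<?php
// Take the two characters that start eight characters from the end of the requested path.
$url = $_SERVER["PHP_SELF"];
$url = substr($url, strlen($url) - 8, 2);
// echo $url;
if (($_SERVER["PHP_SELF"] == '/miaomi/index.php/index/login') || ($_SERVER["PHP_SELF"] == '/miaomi/index.php') || $url == 'in') {
    // Exempt paths: no session check.
} else {
    session_start();
    if (!isset($_SESSION['username'])) {
        echo ""; // the redirect script goes in this string (empty as given)
    }
}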
This is my business logic. It checks both the path the user requested and the session. The path check keeps the login request itself from being intercepted, which would cause an endless loop, and keeps pages that should be reachable without logging in from being blocked (you can define a directory for these, or define an array that holds these interfaces and test against it). When the check fails, a script is output to the page to redirect the user's page; of course, you can also pop up an alert.
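A stricter form of the same filter, as an added example that is not the author's code: exempt pages are kept in an array and compared exactly, and the redirect is sent server-side followed by exit, so the protected script never runs. The two paths are the ones used above; LOGIN_URL, the function names and the skip for command-line scripts are assumptions.

```php
<?php
// filter.php (added example): loaded through auto_prepend_file before every script.

// Pages reachable without a login; the two paths are the ones used on this page.
const PUBLIC_PATHS = [
    '/miaomi/index.php',
    '/miaomi/index.php/index/login',
];
// Assumption: visitors without a session are sent to the login action.
const LOGIN_URL = '/miaomi/index.php/index/login';

// Exact, case-sensitive match against the whole path, so a URL that only
// contains or ends with an exempt fragment is still treated as protected.
function is_public_path(string $path): bool
{
    return in_array($path, PUBLIC_PATHS, true);
}

function require_login(): void
{
    $path = $_SERVER['PHP_SELF'] ?? '';
    if (is_public_path($path)) {
        return; // the login page itself is exempt, so there is no redirect loop
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['username'])) {
        // Server-side redirect; exit stops the protected script from running
        // and sending its output after the redirect header.
        header('Location: ' . LOGIN_URL, true, 302);
        exit;
    }
}

// Assumption: command-line scripts (cron jobs) have no session and are skipped.
if (PHP_SAPI !== 'cli') {
    require_login();
}
```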
From this we can also see the danger of script attacks: if a criminal can change the configuration file on your server, the simplest thing to do is add a script that redirects the page to a pornographic site, and then, well, hehe. That is about it; I am a novice!