For pages that require authentication, it is best to use Apache server Authentication.
However, the Apache server verifies that the interface is not friendly. And it's not all the case
can use Apache server authentication, such as PHP under CGI mode Php,iis.
Session can be used to save user identities between different pages, such as
login.php
if ($name = = "" && $pass = = "")
{
?>
}
Else
{
if ($name! = "UUU" | | $pass! = "PPP")
{
echo "Login fail!";
}
Else
{
Session_register ("user");
Session_register ("passwd");
$user = $name;
$passwd = $pass;
echo "ok!
Next Page ";
}
}
?>
next.php
Session_Start ();
echo "Username: $user";
?>
However, users can use the HTTP://DOMAIN.NAME.COM/NEXT.PHP?USER=UUU
To bypass authentication.
So, the actual next.php must be this:
Session_Start ();
if (!session_is_registered ("user"))
{
echo "Login fail";
}
Else
{
echo "Username: $user";
}
?>
Use session_is_registered () to detect session variables,
Thus, the use of the session has been the basic realization of the identity of the reliable authentication.
http://www.bkjia.com/PHPjc/532515.html www.bkjia.com true http://www.bkjia.com/PHPjc/532515.html techarticle for pages that require authentication, it is best to use Apache server Authentication. However, the Apache server verifies that the interface is not friendly. Moreover, not all the circumstances can be ...