How to avoid code analysis that users directly enter in the PHP backend

不言
Release: 2023-04-01 08:58:02
Original
1409 people have browsed it

This article introduces how to prevent users from directly entering method instances in the PHP background. Friends in need can refer to it

1) Create a BaseController controller and inherit the Controller (all operations in the background must inherit the BaseController):

Add in BaseController:

public function checkLogin() { 

        if (Yii::app()->authority->isLogin() == Yii::app()->authority->getStatus('NOTLOGIN')) { 
            $url = $this->createUrl('user/login'); 
            if (Yii::app()->request->isPostRequest && Yii::app()->request->isAjaxRequest) { 
                echo json_encode(array('code' => -101, 'message' => '用户未登录。', 'callback' => 'window.location="' . $url . '";')); 
            } else if (Yii::app()->request->isAjaxRequest) { 
                echo &#39;<script language="javascript">window.location="&#39; . $url . &#39;";</script>&#39;; 
            } else { 
                $this->redirect($url); 
            } 
            exit; 
        } 
        return true; 
    }
Copy after login

Create the Authority.php file in the components directory:

<?php 

/** 
 * 权限检查组件 
 */
class Authority extends CComponent { 
    private $NOTLOGIN = -1; 
    private $FAILED = -2; 
    private $PASS = 1; 

    public function init() { 

    } 

    /** 
     * 检查是否登陆 
     * @return boolean  
     */
    function isLogin() { 
        return isset(Yii::app()->session[&#39;user&#39;]) ? $this->PASS : $this->NOTLOGIN; 
    } 

   
    /** 
     * 获取状态值 
     * @param string $name 
     * @return int  
     */
    public function getStatus($name){ 
        return $this->$name; 
    } 
}
Copy after login

The above is the entire content of this article, I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

About the analysis of the facade pattern in PHP

How to use smtp in php to send supported attachments s mail

The above is the detailed content of How to avoid code analysis that users directly enter in the PHP backend. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template