The tp framework prevents entering the background by typing the address after logging in

<?php
namespace AdminController;
use ThinkController;
class IndexController extends Controller {
public function index(){
    $this->display();
}

public function login(){
    $username = I(&#39;username&#39;);
    $password = I(&#39;password&#39;);

    $user = D(&#39;User&#39;);
    $res = $user->where(array(&#39;username&#39;=>$username))->find();
    // dump($res);die;
    if(!$res || md5($password) != $res[&#39;password&#39;]){
        $this->error(&#39;用户名或密码错误&#39;);
    }else{
        session(&#39;username&#39;,$res[&#39;username&#39;]);
        session(&#39;id&#39;,$res[&#39;id&#39;]);
        session(&#39;create_time&#39;,$res[&#39;create_time&#39;]);
        //dump(session());die;    
        $this->redirect(&#39;/Admin/Main/index&#39;); //跳转到后台管理                
    }
}
//清空
public function loginout(){
    session(null); 
    //dump(session());
    $this->redirect(&#39;/Admin/Index/index&#39;);
}
}

---

<?php        
//后台页面的控制器
namespace AdminController;
use ThinkController;
class MainController extends Controller {
public function index(){            
$this->display();         
}
}

How should I judge? I can’t enter the login page or backend system at will by typing the address in the address bar

Reply content:

<?php
namespace AdminController;
use ThinkController;
class IndexController extends Controller {
public function index(){
   $this->display();
}

public function login(){
   $username = I(&#39;username&#39;);
   $password = I(&#39;password&#39;);

   $user = D(&#39;User&#39;);
   $res = $user->where(array(&#39;username&#39;=>$username))->find();
   // dump($res);die;
   if(!$res || md5($password) != $res[&#39;password&#39;]){
       $this->error(&#39;用户名或密码错误&#39;);
   }else{
       session(&#39;username&#39;,$res[&#39;username&#39;]);
       session(&#39;id&#39;,$res[&#39;id&#39;]);
       session(&#39;create_time&#39;,$res[&#39;create_time&#39;]);
       //dump(session());die;    
       $this->redirect(&#39;/Admin/Main/index&#39;); //跳转到后台管理                
   }
}
//清空
public function loginout(){
   session(null); 
   //dump(session());
   $this->redirect(&#39;/Admin/Index/index&#39;);
}
}
<?php        //后台页面的控制器
namespace AdminController;
use ThinkController;
class MainController extends Controller {
public function index(){    
       $this->display();         
}
}

How should I judge? I can’t enter the login page or backend system at will by typing the address in the address bar

In Index In the __initialize method of the controller, determine whether your session has been assigned a value. There is no jump to login.
For specific reference
TP framework __initialize method

It seems that you don’t want others to enter the background, that is, the login page is not allowed to enter, right? If you can try configuring accessible modules. If you want to judge whether the person is logged in or not, then you need to judge the session. I will give you some information and you can try it. If you can, deploy it to the server settings and do not set it locally. Access is prohibited. The module

    3.2对模块的访问是自动判断的，所以通常情况下无需配置模块列表即可访问，但可以配置禁止访问的模块列表（用于被其他模块调用或者不开放访问），默认配置中是禁止访问Common模块和Runtime模块（Runtime目录是默认的运行时目录），我们可以增加其他的禁止访问模块列表：

        // 设置禁止访问的模块列表
        'MODULE_DENY_LIST' => array('Common','Runtime','Api'),

    设置后，Api模块不能通过URL直接访问，事实上，可能我们只是在该模块下面放置一些公共的接口文件，因此都是内部调用即可。
    设置访问列表

    如果你的应用下面模块比较少，还可以设置允许访问列表和默认模块，这样可以简化默认模块的URL访问。

        ***'MODULE_ALLOW_LIST' => array('Home','Admin','User'),***
        'DEFAULT_MODULE' => 'Home',

    设置之后，除了Home、Admin和User模块之外的模块都不能被直接访问，并且Home模块是默认访问模块（可以不出现在URL地址）。

is not allowed to enter the login page. How to log in to the backend system?

In fact, it is a question of judging whether there is verification.

TP can write a base class (

BaseController

), and then all controllers that need verification should Inherit this base class.

isAuth()) {
            $this->redirectToLogin();
        }
    }
    
    private function isAuth()
    {
        //验证是否登录
    }
    
    private function redirectToLogin()
    {
        //跳转到登录页面
    }
}

For example, there is an administrator controller in the background

class AdminController extends BaseController
{
    public function __construct()
    {
        parent::__construct();
    }
}

This is TP's approach, but frameworks like symfony come with their own verification classes, which can easily perform http verification, accesstoken verification and Customized verification method.

It is impossible not to allow access to the login page, otherwise your business staff will not be able to log in. If your front-end and back-end are the same user system, then verify whether the front-end login user has the permission to enter the back-end. Just display the login page normally without logging in. As long as you don't let the search engine grab your back-end login address

Write a public function to determine whether it is logged in

function isLogin(){
    if(I('session.uid')){
        return true;
    }else{
        return false;   
    }
}

Then write it in the __initialize method of the background controller

if(!isLogin()){
    $this->redirect('/login') //重定向到登录页
}