PHP 注销脚本,框架集中有 4 个框架

发布于 2024-10-01 05:52:39 字数 517 浏览 8 评论 0原文

我有一个研究 logout.php 文件,它工作得非常好,但是我面临的问题是将脚本放入一个新的“内联网样式”管理站点,该站点在框架集中使用 4 个框架(标题、左、中、右)。

我需要满足两个要求,我很难找到解决方案(是的,我知道框架对于当今的消费者网站来说很糟糕,但重申一下,这是针对到处都有小部件的内部系统管理面板)。

  1. 当用户单击顶部框架中的“注销”按钮时,整个页面将定向到 logout.php,然后重定向到单个页面“home.php”。截至目前,点击注销只会将该特定框架带到我想要的目的地。

  2. 当用户登录时,会创建一个SESSION变量并设置为true;如果在没有 SESSION[validated]= true 的情况下访问页面,则用户将被注销。与上面类似,如果发生这种情况,我需要将整个框架集定向到 logout.php。

我试图在没有 javascript 的情况下实现这一点(因为这显然可以简单地被禁用,并且 JS 并不是真正的安全措施)。

过去有人处理过这个问题吗?

I have a study logout.php file which works fantastically, the issue I am faced with however is putting the script into a new 'intranet style' administrative site which uses 4 frames within a frameset (header, left, center, right).

There are two requirements I need to meet which I am having a very difficult time finding a solution to (yes I know frames suck for today's consumer sites but to reiterate, this is for an internal system administration panel with widgets everywhere).

  1. When a user clicks the 'logout' button in the top frame, the ENTIRE page is directed to logout.php which then redirects to a single page "home.php". As of now, hitting logout only takes that particular frame to my desired destination.

  2. When a user logs in, a SESSION variables is created and set to true; if pages are visited without SESSION[validated]= true, the user is logged out. Similarly to above, IF this happens, I need the ENTIRE frameset directed to logout.php.

I am trying to achieve this without javascript (as this can obviously simply be disabled and JS is not a true measure for security).

Anybody ever dealt with this issue in the past?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

救赎№ 2024-10-08 05:52:39

注销按钮是链接吗?如果是这样,你不能使用 target="_parent" 让它改变框架集的页面吗?

编辑
回复 #2:如果会话超时,您可以创建一个带有使用 target=_parent 和下面的 JavaScript 的链接的中间页面,这两个页面都会跳出框架。

<script type="text/javascript">
if (top.location != self.location) top.location = 'login.php'
</script>

这很好,因为如果他们启用了 JavaScript,他们甚至不会注意到,如果没有,他们仍然会突破框架。

Is the logout button a link? If so, can't you use target="_parent" to make it change the page with the frameset?

Edit
Re #2: If the session is timed out, you could make an intermediary page with a link that uses target=_parent and the JavaScript below, both of which would break out of the frame.

<script type="text/javascript">
if (top.location != self.location) top.location = 'login.php'
</script>

This is good because if they have JavaScript enabled, they won't even notice and if they don't, they still will break out of the frames.

烧了回忆取暖 2024-10-08 05:52:39

第 1 部分的解决方案:

制作一个如下所示的注销按钮:

<a href="/logout.php" target="_top">logout</a>

然后让 logout.php 完成注销的所有艰苦工作(可能只是清除会话),然后将用户重定向到正确的框架集(使用 PHP 的 header 命令进行重定向) 。

第 2 部分的解决方案:

这不应该随机发生。如果您登录,您的会话将设置为 valided = true。您不会“遇到”您的会话恰好相反的页面。

但是,您可以包含一个 PHP 文件(或者,如果您足够聪明,可以在您的单一入口点中执行此操作),以便在您的会话因某种原因失效时重定向到注销页面。参见上面 1。

Solution to part 1:

Make a logout button like this:

<a href="/logout.php" target="_top">logout</a>

Then make logout.php do all the hard work for logging out (probably just clearing the session), and then redirects the user to the proper frameset (use PHP's header command for redirecting).

Solution to part 2:

This should not randomly happen. If you login, your session is set to validated = true. You do not "encounter" a page where your sessions happens to be otherwise.

However, you could include a PHP file (or if you have been smart enough to do so, make this happen in your single point of entry) to redirect to a logout page if your session is somehow invalidated. See 1 above.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文