In PHP, the header() function sends a raw HTTP header to the browser. It is used not only to redirect pages but also for access control, in particular to stop users from reaching certain pages directly through the address bar. A common scenario is a page that may only be accessed once the user has met certain conditions; otherwise the user is redirected to the login page or shown an error message.
Usually we want users to pass verification or a specific process before they reach certain pages, so that only users with permission get access. Without such controls, a user can type the URL into the address bar and reach content they should not see. This can lead to security issues, especially when dealing with sensitive data.
For example, backend management pages or user settings pages should be accessible only after the user logs in. Without any restrictions, malicious users may access these pages directly through simple URL manipulation.
To prevent this, you can combine the header() function with conditional logic to perform the redirection. Here is a typical example:
<?php
// Start (or resume) the session so that $_SESSION is available
session_start();
// If the user is not logged in, redirect to the login page
if (!isset($_SESSION['user_logged_in']) || $_SESSION['user_logged_in'] !== true) {
    header('Location: https://m66.net/login.php');
    exit(); // Stop the script here so that no subsequent code runs
}
// User is logged in and can continue to the page
echo "Welcome to the backend management page!";
?>
session_start(): First, we call session_start() to start session management. session_start() is the PHP function that starts or resumes a session, which allows us to store and read variables across different pages. In this case, we use it to store the user's login status.
Login verification: the expression isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in'] === true holds only for a logged-in user, and the code tests its negation. If the login status does not exist or is not exactly true, the user is considered not logged in.
header() redirection: If the user is not logged in, we use the header() function to redirect the user to the login page, here https://m66.net/login.php. header() must be called before any output is sent, otherwise the header cannot be set.
exit(): After calling the header() function, exit() must be used to terminate the script. The Location header only asks the browser to navigate elsewhere; without exit() the rest of the script still runs and its output is still sent in the response, so a client that ignores the redirect receives the page that should not be accessed.
Welcome message: If the user is already logged in, the page displays "Welcome to the backend management page!".
If you have multiple pages that need to restrict access, consider encapsulating this logic in a function so that it can be called from different pages. For example:
<?php
// Login verification function
function checkLogin() {
    // $_SESSION is only populated after the session has been started
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION['user_logged_in']) || $_SESSION['user_logged_in'] !== true) {
        header('Location: https://m66.net/login.php');
        exit();
    }
}
// Call the verification function before any output is sent
checkLogin();
// Below is the page content that requires a logged-in user
echo "Welcome to the backend management page!";
?>
In this way, you can call checkLogin() on any page that requires login verification, making the code more concise and reusable.
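The importance of exit() and the reusable guard function described above can be seen side by side in the following added example, which is not part of the original article. The function names isLoggedIn(), guardWithoutExit() and requireLogin(), the LOGIN_URL constant and the ?mode= switch are hypothetical; the session key and login URL are the ones used above.

```php
<?php
// Added example, not from the original article. Save as admin.php and serve
// locally with PHP's built-in server: php -S 127.0.0.1:8000
// Function names, LOGIN_URL and the ?mode= switch are hypothetical.

const LOGIN_URL = 'https://m66.net/login.php';

function isLoggedIn(): bool
{
    // Start the session only if the calling page has not already done so.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    return isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in'] === true;
}

// Weak form: sends the redirect header but keeps executing.
function guardWithoutExit(): void
{
    if (!isLoggedIn()) {
        header('Location: ' . LOGIN_URL);
        // No exit(): the protected output below still lands in the response body.
    }
}

// Hardened form: fails closed on every path.
function requireLogin(): void
{
    if (isLoggedIn()) {
        return;
    }
    if (headers_sent()) {
        // Output has already started, so header() can no longer redirect.
        // Stop anyway instead of falling through to the protected content.
        exit('Login required.');
    }
    header('Location: ' . LOGIN_URL, true, 302);
    exit();
}

if (($_GET['mode'] ?? '') === 'weak') {
    guardWithoutExit();
} else {
    requireLogin();
}

echo "Welcome to the backend management page!";
```

Requesting the page with curl -i and no session cookie shows the difference: with ?mode=weak the 302 response still carries the welcome text in its body, while the default path returns the redirect with an empty body.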
Redirecting with the header() function is a common access-control pattern in PHP. Redirecting to the login page when the user fails verification prevents unauthorized access, as long as the script exits immediately after the redirect. This method is simple and effective and is suitable for all kinds of pages that require user authentication.
By using PHP's header() function properly, we can improve the security of web pages, protect sensitive data, and ensure that only legitimate users can access specific resources.