网站维护模式

Question

I'm trying to create a fairly simple yet effective maintenance setting on our site. The way that the function should work is if the user lands on any page on the site, except from https://www.ourbusiness.org/assets/home2.do/unlock-maintenance and https://www.ourbusiness.org/legal/all the header() function will kick in and redirect the user to https://www.ourbusiness.org/error/offline/. I have seen the other questions, particularly this one but in this one I thought it could be improved; by adding such a little amount of code.

首先是我们的 config.php 文件：

Config.Run.php:

<?php
define("URL", "https://www.ourbusiness.org");
define("MAINTENANCE", "1");

if(MAINTENANCE == 1) {
    if(!isset($_SESSION['MAINTENANCE_UNLOCK'])) {
        header("Location: ".URL."/error/offline/");
    }
}

解锁-maintenance.php

<?php
    include "Config.Run.php";
    session_start();

    if(isset($_POST)) {
        if($_POST['username'] == "admin" && $_POST['password'] == "admin") {
            $_SESSION['MAINTENANCE_UNLOCK'] = md5($_POST['username'].$_POST['password']);
            header("Location: ".URL."");
        }
    }
?>
<form action="" method="post">
    <h1>You are not logged in</h1>
    <b>Username: </b><input type="text" name="username" />
    <b>Password: </b><input type="password" name="password" />
    <input type="text" value="Unlock <?php echo TITLE; ?>" />
</form>

为什么这不起作用？我什至无法访问文件来解锁网站，也无法访问目录 legal

中的任何页面

Answer 1

简短的回答是....

session_start();

if(isset($_POST)) {
    if($_POST['username'] == "admin" && $_POST['password'] == "admin") {
        $_SESSION['MAINTENANCE_UNLOCK'] = md5($_POST['username'].$_POST['password']);
        header("Location: ".URL."");
    }
}

include "Config.Run.php";

另外..在另一个脚本上做..

if(MAINTENANCE == 1 && !isset($_SESSION['MAINTENANCE_UNLOCK'])) {
        header("Location: ".URL."/error/offline/");
    }
}

..将这些调高。我知道我应该包括详细信息，但它们在评论中。

Answer 2

Be aware if anybody decides to use this that it is not the most secure authentication system

在修改我们的代码后，我已经解决了这个问题 - 我想出了一个非常有效的解决方案。请在下面查看我们的结果：

我们的内部 Config.Run.php:

define("URL", "https://www.ourbusiness.org");
define("MAINTENANCE", "1");

if(MAINTENANCE == 1) {
    if(!isset($_SESSION['MAINTENANCE_UNLOCK'])) {
        $current_file = explode('/', getcwd());
        $current_file = end($current_file);
        if ($current_file !== 'unlock-maintenance' && $current_file !== 'offline') {
            header("Location: ".URL."/error/offline/");
            exit();
        }
    }
}

并且在我们的 unlock-maintenance 目录中（默认文件 index.php）

<h2>Maintenance log in</h2>
<?php
if(isset($_POST) && !empty($_POST)) {
    if($_POST['username'] == "admin" && $_POST['password'] == "admin") {
        $_SESSION['MAINTENANCE_UNLOCK'] = md5($_POST['username'].$_POST['password']);
        header("Location: ".URL."");
    } else {
        echo '<p class="err_msg">That login attempt failed, please try again.</p>';
    }
} else {
    echo '<p>You must login using your username and password.</p>';
}

?>
<form action="" method="post">
    <div class="input_group">
        <label>Username</label>
        <input type="text" class="input" name="username" value="">
    </div>
    <div class="input_group">
        <label>Password</label>
        <input type="password" class="input" name="password" value="">
    </div>
    <input type="submit" value="Login" />
</form>

我希望这对一直在寻找相当好的维护系统的任何人有所帮助。

Remember you can add further functionality to this add logout link, change header/footer include depending if logged in or not etc.

网站维护模式

Website Maintenance Mode

php

maintenance

maintenance-mode