Session: redirect loop when using auto_prepend_file (PHP)


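I'm curious whether this is a problem with my setup, or whether careless use of auto_prepend_file naturally leads to an infinite loop.

I have the following line in my php.ini file:

auto_prepend_file = "/etc/prepend.php"

Then I try to access a simple PHP file.

index.php: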

<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
   <HEAD>
      <TITLE>
         A Small Hello From The Tester
      </TITLE>
   </HEAD>
<BODY>
   <H1>TESTER</H1>
   <P>This is very minimal "hello world" HTML document.</P> 
</BODY>
</HTML>


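The session files, which I more or less lifted from elsewhere. I realise this isn't state-of-the-art, impenetrable security, but it's good enough for testing.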

passwords.php:

<?php 
$USERS['username1'] = 'password1'; 
$USERS['username2'] = 'password2'; 
$USERS['username3'] = 'password3'; 

/**
 ** Query function to see if we are logged in. If the user is logged in,
 * the flow continues. If not, the user is redirected to a login screen.
 * @method check_logged
**/
function check_logged(){ 
   global $_SESSION, $USERS; 
   if (!array_key_exists($_SESSION['logged'],$USERS)) { 
      header('Location: /etc/login.php'); 
   }; 
}; 
?>

login.php:

<?php 

/**
 * Initialize session 
 */
session_start(); 

/**
 * Include passwords.php which will check to see if we are logged in
 */
include("/etc/passwords.php"); 

/**
 * I think this checks to see if the form has been submitted
 */
if ($_POST["ac"]=="log") {
   if ($USERS[$_POST["username"]] == $_POST["password"]) {
      //username and password exist in $USERS array  
      $_SESSION["logged"]=$_POST["username"]; 
   } else { 
      echo 'Incorrect username/password. Please, try again.'; 
   }; 
}; 
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not  
   echo "You are logged in."; //// if user is logged show a message  
} else { //// if not logged show login form 
   echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> '; 
   echo 'Username: <input type="text" name="username" /><br />'; 
   echo 'Password: <input type="password" name="password" /><br />'; 
   echo '<input type="submit" value="Login" />'; 
   echo '</form>'; 
}; 
?>

prepend.php:

<?php 

/**
 * Initialize session 
 */
session_start();

/**
 * Include passwords.php which will check to see if we are logged in
 */
include('/etc/passwords.php'); 

/**
 * Check to see if we are logged in or not. If not, the
 * user is redirected to login.php page
 */
check_logged();
?>

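Now, if I enter www.example.com/index.php in a web browser, Chrome complains:

This webpage has a redirect loop. The webpage has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer. Here are some suggestions: Reload this webpage later. Learn more about this problem. Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.


In case you're wondering, clearing the cache doesn't fix the problem. Looking at the code, can anyone tell me whether the redirect loop arises naturally? If so, how can I remedy it? If not, any ideas on why this is happening? I can also post my virtual host configuration file if needed.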

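Puk, you can't do the login/logout code from within the auto-prepend script. Why? Because if I am one of your users, then for this to work these scripts, and especially passwords.php (or the access credentials, if you are going to store this in a database), have to be readable by my UID, as you are using suPHP. This means that I can access the other users' credentials. I can then use this to mimic the login of that user B and so access his web pages.

I explained how to do this on the computer.

By the way, I was only trying to answer the question you asked: "I'm curious whether this is a problem with my setup, or whether careless use of auto_prepend_file naturally leads to an infinite loop."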


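A: There is a logic flaw in the code. The login form has an action of "logon.php", and the prepend is then executed before the login script is processed. This prepend.php detects that the user is not logged in and therefore redirects to logon.php. So Chrome detects that a request for logon.php redirects to logon.php, and raises the error you listed.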

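Puk, I said I'd come back today and give you a proper answer. Why not discuss this in our discussion? Asking what is essentially the same thing six different ways rather goes against the spirit of SO. "You're just wasting the answerers' time."

TerryE sorry, I went back and elaborated in our discussion.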
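
The loop described in the answer above comes from the prepend file running before every script, the login page included. One way to break it, as an added example that is not code from the question or the answers; the constant LOGIN_SCRIPT, the function names and the URL path /login.php are assumptions:

```php
<?php
// Added example: not the asker's or the answerers' code.
// Assumptions: this file is the auto_prepend_file and the login page is
// reachable at the URL path /login.php (LOGIN_SCRIPT is a made-up name).
const LOGIN_SCRIPT = '/login.php';

/**
 * Return the URL to redirect to, or null when the request may proceed.
 * Kept free of superglobals so the decision can be exercised from the CLI.
 */
function login_redirect_for(string $script, array $session, array $users): ?string
{
    // The prepend file runs before every script, the login page included.
    // Without this exemption an anonymous request for the login page is
    // redirected to the login page again, which is the reported loop.
    if ($script === LOGIN_SCRIPT) {
        return null;
    }
    $user = $session['logged'] ?? null;   // no notice when the key is absent
    if (is_string($user) && array_key_exists($user, $users)) {
        return null;
    }
    return LOGIN_SCRIPT;
}

function enforce_login(array $users): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = login_redirect_for($_SERVER['SCRIPT_NAME'] ?? '', $_SESSION, $users);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit;   // header() alone does not stop the protected script from running
    }
}

$users = ['username1' => true];   // constructed sample; only the keys matter here

if (PHP_SAPI === 'cli') {
    // Constructed requests: anonymous page hit, anonymous login hit, logged-in hit.
    $cases = [['/index.php', []], ['/login.php', []], ['/index.php', ['logged' => 'username1']]];
    foreach ($cases as [$script, $session]) {
        $target = login_redirect_for($script, $session, $users);
        printf("%-11s %-24s -> %s\n", $script, json_encode($session), $target ?? 'serve page');
    }
} else {
    enforce_login($users);
}
```

Run from the command line, the file prints the decision for each constructed request; under a web SAPI it acts as the guard itself.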