Session 使用自动预结束文件(PHP)重定向循环
我很好奇这是否是我的设置的问题,或者如果不小心使用auto_prepend_文件,是否会自然导致无限循环 我在我的Session 使用自动预结束文件(PHP)重定向循环,session,google-chrome,lamp,redirect-loop,Session,Google Chrome,Lamp,Redirect Loop,我很好奇这是否是我的设置的问题,或者如果不小心使用auto_prepend_文件,是否会自然导致无限循环 我在我的php.ini文件中有下面一行 auto_prepend_file = "/etc/prepend.php" 然后我尝试访问一个简单的php文件 index.php: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML> <HEAD> <TITLE>
php.ini文件中有下面一行
auto_prepend_file = "/etc/prepend.php"
然后我尝试访问一个简单的php文件
index.php:
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>
A Small Hello From The Tester
</TITLE>
</HEAD>
<BODY>
<H1>TESTER</H1>
<P>This is very minimal "hello world" HTML document.</P>
</BODY>
</HTML>
<?php
$USERS['username1'] = 'password1';
$USERS['username2'] = 'password2';
$USERS['username3'] = 'password3';
/**
** Query function to see if we are logged in. If the user is logged in,
* the flow continues. If not, the user is redirected to a login screen.
* @method check_logged
**/
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION['logged'],$USERS)) {
header('Location: /etc/login.php');
};
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include("/etc/passwords.php");
/**
* I think this checks to see if the form has been submitted
*/
if ($_POST["ac"]=="log") {
if ($USERS[$_POST["username"]] == $_POST["password"]) {
//username and password exist in $USERS array
$_SESSION["logged"]=$_POST["username"];
} else {
echo 'Incorrect username/password. Please, try again.';
};
};
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "You are logged in."; //// if user is logged show a message
} else { //// if not logged show login form
echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include('/etc/passwords.php');
/**
* Check to see if we are logged in or not. If not, the
* user is redirected to login.php page
*/
check_logged();
?>
来自测试人员的简短问候
测试员
这是一个非常简单的“hello world”HTML文档。
我或多或少从中提取的会话文件。我意识到这不是最先进的不可穿透的安全性,但对于测试来说已经足够好了
passwords.php:
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>
A Small Hello From The Tester
</TITLE>
</HEAD>
<BODY>
<H1>TESTER</H1>
<P>This is very minimal "hello world" HTML document.</P>
</BODY>
</HTML>
<?php
$USERS['username1'] = 'password1';
$USERS['username2'] = 'password2';
$USERS['username3'] = 'password3';
/**
** Query function to see if we are logged in. If the user is logged in,
* the flow continues. If not, the user is redirected to a login screen.
* @method check_logged
**/
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION['logged'],$USERS)) {
header('Location: /etc/login.php');
};
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include("/etc/passwords.php");
/**
* I think this checks to see if the form has been submitted
*/
if ($_POST["ac"]=="log") {
if ($USERS[$_POST["username"]] == $_POST["password"]) {
//username and password exist in $USERS array
$_SESSION["logged"]=$_POST["username"];
} else {
echo 'Incorrect username/password. Please, try again.';
};
};
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "You are logged in."; //// if user is logged show a message
} else { //// if not logged show login form
echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include('/etc/passwords.php');
/**
* Check to see if we are logged in or not. If not, the
* user is redirected to login.php page
*/
check_logged();
?>
login.php:
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>
A Small Hello From The Tester
</TITLE>
</HEAD>
<BODY>
<H1>TESTER</H1>
<P>This is very minimal "hello world" HTML document.</P>
</BODY>
</HTML>
<?php
$USERS['username1'] = 'password1';
$USERS['username2'] = 'password2';
$USERS['username3'] = 'password3';
/**
** Query function to see if we are logged in. If the user is logged in,
* the flow continues. If not, the user is redirected to a login screen.
* @method check_logged
**/
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION['logged'],$USERS)) {
header('Location: /etc/login.php');
};
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include("/etc/passwords.php");
/**
* I think this checks to see if the form has been submitted
*/
if ($_POST["ac"]=="log") {
if ($USERS[$_POST["username"]] == $_POST["password"]) {
//username and password exist in $USERS array
$_SESSION["logged"]=$_POST["username"];
} else {
echo 'Incorrect username/password. Please, try again.';
};
};
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "You are logged in."; //// if user is logged show a message
} else { //// if not logged show login form
echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include('/etc/passwords.php');
/**
* Check to see if we are logged in or not. If not, the
* user is redirected to login.php page
*/
check_logged();
?>
prepend.php:
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>
A Small Hello From The Tester
</TITLE>
</HEAD>
<BODY>
<H1>TESTER</H1>
<P>This is very minimal "hello world" HTML document.</P>
</BODY>
</HTML>
<?php
$USERS['username1'] = 'password1';
$USERS['username2'] = 'password2';
$USERS['username3'] = 'password3';
/**
** Query function to see if we are logged in. If the user is logged in,
* the flow continues. If not, the user is redirected to a login screen.
* @method check_logged
**/
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION['logged'],$USERS)) {
header('Location: /etc/login.php');
};
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include("/etc/passwords.php");
/**
* I think this checks to see if the form has been submitted
*/
if ($_POST["ac"]=="log") {
if ($USERS[$_POST["username"]] == $_POST["password"]) {
//username and password exist in $USERS array
$_SESSION["logged"]=$_POST["username"];
} else {
echo 'Incorrect username/password. Please, try again.';
};
};
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "You are logged in."; //// if user is logged show a message
} else { //// if not logged show login form
echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
};
?>
<?php
/**
* Initialize session
*/
session_start();
/**
* Include passwords.php which will check to see if we are logged in
*/
include('/etc/passwords.php');
/**
* Check to see if we are logged in or not. If not, the
* user is redirected to login.php page
*/
check_logged();
?>
现在,如果我在网络浏览器上输入www.example.com/index.php
,Chrome会抱怨
此网页在以下位置有一个重定向循环:
导致了太多
重定向。正在清除此站点的Cookie或允许第三方
cookies可以解决这个问题。如果不是,则可能是服务器
配置问题,而不是计算机的问题。这是
一些建议:稍后重新加载此网页。了解更多有关此的信息
问题错误310(net::ERR_TOO_MANY_重定向):重定向太多
重定向
如果您想知道,清除缓存并不能解决问题。看看代码,有人能告诉我重定向循环是否会自然产生吗?如果是的话,我该如何补救呢。如果没有,有没有关于为什么会发生这种情况的想法?如果需要,我也可以发布我的虚拟主机配置文件。Puk,您不能从autoprepend脚本中执行登录/注销代码。为什么?因为如果我是您的用户之一,要使其正常工作,这些脚本,尤其是passwords.php(或者如果要将其存储在数据库中,则访问凭据)必须能够在您使用SUPPP时由我的UID读取。这意味着我可以访问其他用户的凭据。然后,我可以使用它来模拟该用户B的登录,从而访问他的网页
我解释了如何在计算机上执行此操作
顺便说一句,我只是想回答你提出的问题:“我很好奇这是否是我的设置的问题,或者如果不小心使用auto_prepend_文件,自然会导致无限循环。”
A:代码中存在逻辑缺陷。登录表单有一个操作“logon.php”,然后在处理登录脚本之前执行前置命令。此prepend.php检测到用户未登录,因此重定向到logon.php。所以chrome检测到logon.php的请求重定向到logon.php,并引发您列出的错误。Puk,我说过我今天会回来给您一个正确的答案。为什么不在我们的讨论中讨论这个问题呢。问什么本质上是相同的,有六种不同的方式,这有点违背了SO的精神。“你们只是浪费了回答者的时间。”TerryE抱歉,我回去在我们的讨论中详细阐述了