Tuesday 9 April 2019

Hard-coded credentials in php file prevent static files loading

For the sake of learning no-framework PHP from scratch, I wrote an admin.php file which has the following code:





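<?php
$not_auth_msg = "

Not Authorized

";
// Reading $_GET['username'] without isset() raises "Undefined index"
// whenever a request carries no username parameter.
if($_GET['username'] == "admin") {
    $pass = md5($_GET['password']);
    if($pass != "21232f297a57a5a743894a0e4a801fc3") {
        exit($not_auth_msg);
    }
} else {
    exit($not_auth_msg);
}

?>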









..
..
..



Authorization works OK, but PHP 5.4's built-in server replies "PHP Notice: Undefined index: username in ..." for each static file (bootstrap, jquery etc.), and the worst thing: the static files do not load!



What am I doing wrong?



Answer



Change the if to:



if(isset($_GET['username']) && $_GET['username'] == "admin") {
...

}


That will solve your problem. When you're not providing username, that key is not set in $_GET, and error notification in your php.ini file must be ALL, i.e. notifications will be displayed/rendered.
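
A hardened form of the check discussed in this thread, as an added example that is not code from the original question or answer. It assumes PHP 7.0 or later (the question used 5.4); the function name, the demo passphrase and the environment variable mentioned in the comment are hypothetical.

```php
<?php
// Added example: names below are hypothetical, not from the original post.
// Assumes PHP 7.0+ (null coalescing, password_hash/password_verify).

/**
 * Returns true only when both fields are present, are strings, and match.
 * Missing keys never raise "Undefined index" because ?? supplies a default.
 */
function is_admin_request(array $params, string $adminUser, string $adminHash): bool
{
    $username = $params['username'] ?? '';
    $password = $params['password'] ?? '';

    // ?username[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // Always run password_verify so a wrong username costs the same time.
    $passwordOk = password_verify($password, $adminHash);
    $userOk = hash_equals($adminUser, $username);

    return $userOk && $passwordOk;
}

// Constructed demo values. In a deployment the hash would come from
// configuration outside the web root, e.g. getenv('ADMIN_PASSWORD_HASH')
// (hypothetical variable name), and the form would use POST, not GET,
// so the password does not end up in URLs and server logs.
$adminHash = password_hash('constructed-demo-passphrase', PASSWORD_DEFAULT);

$requests = [
    'no parameters (e.g. a static file request)' => [],
    'wrong password' => ['username' => 'admin', 'password' => 'guess'],
    'array instead of string' => ['username' => ['admin'], 'password' => 'x'],
    'correct credentials' => ['username' => 'admin', 'password' => 'constructed-demo-passphrase'],
];

foreach ($requests as $label => $params) {
    $result = is_admin_request($params, 'admin', $adminHash) ? 'authorized' : 'not authorized';
    echo str_pad($label, 45) . $result . PHP_EOL;
}
```

Compared with the snippet in the question, the stored value is a salted password_hash() digest instead of an unsalted MD5 literal in the source file.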


