在Yii2中使用$ _SERVER ['SERVER_NAME']检测环境是否正确

if ($_SERVER['SERVER_NAME'] == 'localhost' || $_SERVER['SERVER_NAME'] == '127.0.0.1') 
{
    defined('YII_DEBUG') or define('YII_DEBUG', true);
    defined('YII_ENV') or define('YII_ENV', 'dev');
}

require __DIR__ . '/../../vendor/autoload.php';
require __DIR__ . '/../../vendor/yiisoft/yii2/Yii.php';
require __DIR__ . '/../../common/config/bootstrap.php';
require __DIR__ . '/../config/bootstrap.php';

if(YII_ENV == 'prod')
{
    $config = yii\helpers\ArrayHelper::merge(
        require __DIR__ . '/../../common/config/main.php',
        require __DIR__ . '/../config/main.php'
    );
}
else
{
    $config = yii\helpers\ArrayHelper::merge(
       require __DIR__ . '/../../common/config/main.php',
       require __DIR__ . '/../../common/config/main-local.php',
       require __DIR__ . '/../config/main.php',
       require __DIR__ . '/../config/main-local.php'
   );
}

I am trying to use multiple environments but don't what to change all the time in files so I use if condition in my index.php file and its working but I don't know it is the right way or not.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doucanrui1735 2018-06-12 07:39
关注
No, it is not. And this is a potential security issue - $_SERVER['SERVER_NAME'] can be spoofed, so someone may access your remote production server using localhost as a host name. If you're not validating host name at webserver level, then he will see your website in debug mode. From $_SERVER['SERVER_NAME'] docs:

Note: Under Apache 2, you must set UseCanonicalName = On and ServerName. Otherwise, this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts.

You should probably keep environment-specific settings/constants in separate file outside of version control. For example in config/environment-local.php. And setup it manually on every instance. You may also use Composer hooks to copy default content of this file - I implemented something like that in my template. Then require this file on the top of your index.php file instead of your condition:

require __DIR__ . '/../config/environmen-local.php'; require __DIR__ . '/../../vendor/autoload.php'; require __DIR__ . '/../../vendor/yiisoft/yii2/Yii.php'; require __DIR__ . '/../../common/config/bootstrap.php'; require __DIR__ . '/../config/bootstrap.php'; // rest of bootstrap
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

在Yii2中使用$ _SERVER ['SERVER_NAME']检测环境是否正确 php
2018-06-12 04:53

回答 1 已采纳 No, it is not. And this is a potential security issue - $_SERVER['SERVER_NAME'] can be spoofed, so
如何使用$ .post（）发送请求并在yii2中向数据库添加数据 javascript jquery php
2016-06-28 05:55

回答 1 已采纳 //user is "finished typing," do something function doneTyping () { data = \$TitleI
Yii2文件上传返回UPLOAD_ERR_PARTIAL apache php
2018-01-28 19:46

回答 1 已采纳 You are doing it wrong if you have to require a file input on insert and not on the update you sho
php $_server 参数,php关于$_SERVER中一些和环境有关的参数详解
2021-03-16 16:15

轩辕虹列的博客前面有一个关于$_SERVER的文档，今天，来看看怎么不同环境下其携带参数的差异与统一。REQUEST_URI由HTTP1.1协议定义，指向某个页面的URI，去除开头的协议、主机、端口等信息。如 ...
无法在PHP中启用mb_string php ubuntu
2019-07-28 20:44

回答 1 已采纳 After over 3,5 hours of search, I found the solution!!! I HOPE IT WILL HELP SOMEONE ELSE !! THE E
使用yii2中的图表，每次都使用ajax刷新 ajax javascript jquery json php
2016-10-07 19:41

回答 1 已采纳 Your question doesn't give away a great deal about how much you're willing to do some trial and er
将Yii2从Apache迁移到Nginx - 在后端应用程序上失败 apache nginx php
2016-06-24 08:45

回答 1 已采纳 Fix it myself by adding config below location ^~ /belakang { try_files $uri $uri/ /belaka
PHP Yii下，$_REQUEST获取不到前端post过来的数据
2021-08-11 10:50

叶涛网站推广优化的博客　最近在搭建PHP服务的时候，遇到一个问题，选用框架是YII，通过POSTMAN提交数据，提交方式选择POST 　,其中Body主要有以下三个选项　1、form-data 　2、x-www-form-urlencoded 　3、raw 　当选择1、form-da.....
Yii别名不在我的main.php中工作 php
2014-06-08 03:48

回答 2 已采纳 figured it out. i had duplicate global classes in my common.components. and frontend.components. f
Yii2发送pdf到邮件不工作？ php
2018-03-28 14:14

回答 2 已采纳 First i have save the generated pdf in the server directory and then send it to mail and unlink
fileinfo PHP扩展未安装在真实服务器中 php
2016-04-30 23:06

回答 2 已采纳 my solution to that is : in home page of cPanel go to : logiciel => select PHP version and a li
php 魔术常量、魔术函数和 $_SERVER变量
2020-08-02 11:41

戴国进的博客 __FILE__ $_SERVER['SCRIPT_FILENAME'] 反映的是当前执行程序的绝对路径及文件名；__FILE__ 反映的是原始文件（被包含文件）的绝对路径及文件名。 __LINE__ __CLASS__ __FUNCTION__ __METHOD__ 魔术...
Yii2 elasticsearch setAttributes（）不起作用 elasticsearch php
2015-06-04 05:09

回答 1 已采纳 By default setAttributes only sets attributes that have at least a single validation rule defined
PHP中__FILE__ 和 $_SERVER["SCRIPT_FILENAME"]
2014-02-20 22:28

weixin_30817749的博客今天在看yii入口代码的时候，研究了下路径的写法：主要有这个方面的疑惑，PHP中__FILE__ 和 $_SERVER["SCRIPT_FILENAME"]？区别，百度了一下。给出下面的答案：假设apache的web根目录是 d:/web先建立 d:/web/wr1....
php yii2框架教程,Yii2框架使用快速入门
2021-04-14 02:37

Eagle义果的博客 Yii 是一个通用的 Web 编程框架，即可以用于开发各种用 PHP 构建的 Web 应用。因为基于组件的框架结构和设计精巧的缓存支持，它特别适合开发大型应用，如门户网站、社区、内容管理系统(CMS)、电子商务项目和 ...
没有解决我的问题, 去提问

悬赏问题

¥15 素材场景中光线烘焙后灯光失效
¥15 请教一下各位，为什么我这个没有实现模拟点击
¥15 执行 virtuoso 命令后，界面没有，cadence 启动不起来
¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
¥20 有关区间dp的问题求解
¥15 多电路系统共用电源的串扰问题
¥15 slam rangenet++配置
¥15 有没有研究水声通信方面的帮我改俩matlab代码
¥15 ubuntu子系统密码忘记
¥15 保护模式-系统加载-段寄存器

在Yii2中使用$ _SERVER ['SERVER_NAME']检测环境是否正确

1条回答 默认 最新

悬赏问题

1条回答默认最新