du9757 2016-03-22 08:25
浏览 49
已采纳

PHP头认证奇怪的代码

I copied from PHP.net code for header authentication

Here is the code:

<?php
$valid_passwords = array ("Itay" => "1234", "beta" => "password");
$valid_users = array_keys($valid_passwords);
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
if (!$validated) {
  header('WWW-Authenticate: Basic realm="this is testing area. beta testers only!"');
  header('HTTP/1.0 401 Unauthorized');
  die ("Not authorized");
}
// If arrives here, is a valid user.
?>

Now, my question is why does this line:

$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

is used instead of

$validated = $pass == $valid_passwords[$user];

  • 写回答

1条回答 默认 最新

  • dongyunshan4066 2016-03-22 08:34
    关注
    $validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

    This row check both that user exists and password is correct.

    if you remove user check, then user ="nonexisting" and password= "" will be valid (and of course, there will be notice.

    check:

    $pass = "";
$user = "any non existing"
$validated = ($pass == $valid_passwords[$user]); //here will be notice
var_dump($validated);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?
  • ¥15 错误 LNK2001 无法解析的外部符号
  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀
  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的
  • ¥15 r语言蛋白组学相关问题
  • ¥15 Python时间序列如何拟合疏系数模型