dq8081 2018-01-29 21:08
浏览 78
已采纳

离子3 HTTP-GET连接输入用户名和密码,用于访问php页面

What I am trying to do is add a password,username headers to this http get request. Then have the .php page allow the function if the username and password are correct. I have seen a lot of answers concerning headers for basic authorization and posting data. What I am trying to do is add some basic security to this http get request.

data.ts

getData() {     
    let headers = new Headers({ 'Content-Type':'*/*' });
    headers.append('Authorization', 'Basic' + (loginname + ':' + password) );
    this.http.get('https:data.php', { headers: headers }, {})
    .map(res => res.json())
    .subscribe(data => {
    console.log(data.data);
},
    err => {
    this.connectionAlert();
});

}

data.php

<?php
$login = ‘loginname’;  // move to lib config
$pass = ‘password’;  // move to lib config 

if (!isset($_SERVER['PHP_AUTH_PW']!= $pass || $_SERVER['PHP_AUTH_USER'] != $login)) {
    header('WWW-Authenticate: Basic realm="My Site"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'User not allowed';
    exit;
} else {
    echo "<p>Sucess</p>";

}

?>

My error is

Cannot use isset() on the result of an expression (you can use "null !== expression" instead)

The answers I have found online do not seem to fix the problem.

  • 写回答

1条回答 默认 最新

  • dsijovl015728613 2018-02-04 03:38
    关注

    isset is used to test if a variable exists, not to compare it to another value. You have to do the comparison as a separate part of your if statement:

    if (
    !isset($_SERVER['PHP_AUTH_PW'])
    || $_SERVER['PHP_AUTH_PW'] !== $pass
    || !isset($_SERVER['PHP_AUTH_USER'])
    || $_SERVER['PHP_AUTH_USER'] !== $login
) {
    header('WWW-Authenticate: Basic realm="My Site"');

    It's always a good idea to check for the existence of a server variable before using it. In this case, the !isset() checks are necessary if a user visits the page directly in their browser, as the page will be requested at least once before the user has had a chance to enter their username and password in their browser's basic auth dialog. See the PHP manual for more information about isset.

    To ensure secure username and password checking, I suggest using strict comparison !== operators. Not sure if this is relevant in your use case, but please note that basic auth transmits the username and password in plain text, and is only secure over the internet if used with https.

    Also, I had to change the quotes in the first two lines to plain ' characters to be able to test this code:

    $login = 'loginname';  // move to lib config                                     
$pass = 'password';  // move to lib config
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 stata安慰剂检验作图但是真实值不出现在图上
  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题