Redirect loops with auto_prepend_file (PHP)

I am curious as to whether this is a problem with my set up, or if auto_prepend_file naturally leads to infinite loops if used carelessly.

I have the following line in my php.ini file

auto_prepend_file = "/etc/prepend.php"

Then I am trying to access a simple php file

index.php:

<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
   <HEAD>
      <TITLE>
         A Small Hello From The Tester
      </TITLE>
   </HEAD>
<BODY>
   <H1>TESTER</H1>
   <P>This is very minimal "hello world" HTML document.</P> 
</BODY>
</HTML>

The session files I more or less yanked from this site. I realize it's not state of the art impenetrable security, but it's good enough for testing purposes.

passwords.php:

<?php 
$USERS['username1'] = 'password1'; 
$USERS['username2'] = 'password2'; 
$USERS['username3'] = 'password3'; 

/**
 ** Query function to see if we are logged in. If the user is logged in,
 * the flow continues. If not, the user is redirected to a login screen.
 * @method check_logged
**/
function check_logged(){ 
   global $_SESSION, $USERS; 
   if (!array_key_exists($_SESSION['logged'],$USERS)) { 
      header('Location: /etc/login.php'); 
   }; 
}; 
?>

login.php:

<?php 

/**
 * Initialize session 
 */
session_start(); 

/**
 * Include passwords.php which will check to see if we are logged in
 */
include("/etc/passwords.php"); 

/**
 * I think this checks to see if the form has been submitted
 */
if ($_POST["ac"]=="log") {
   if ($USERS[$_POST["username"]] == $_POST["password"]) {
      //username and password exist in $USERS array  
      $_SESSION["logged"]=$_POST["username"]; 
   } else { 
      echo 'Incorrect username/password. Please, try again.'; 
   }; 
}; 
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not  
   echo "You are logged in."; //// if user is logged show a message  
} else { //// if not logged show login form 
   echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> '; 
   echo 'Username: <input type="text" name="username" /><br />'; 
   echo 'Password: <input type="password" name="password" /><br />'; 
   echo '<input type="submit" value="Login" />'; 
   echo '</form>'; 
}; 
?>

prepend.php:

<?php 

/**
 * Initialize session 
 */
session_start();

/**
 * Include passwords.php which will check to see if we are logged in
 */
include('/etc/passwords.php'); 

/**
 * Check to see if we are logged in or not. If not, the
 * user is redirected to login.php page
 */
check_logged();
?>

Now if I go to a web browser and type in www.example.com/index.php, Chrome complains that

This webpage has a redirect loop The webpage at http://www.example.com/etc/login.php has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer. Here are some suggestions: Reload this webpage later. Learn more about this problem. Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

In case you're wondering, clearing the cache does not fix the problem. Looking at the code, can anyone tell me if a redirect loop would naturally arise from this? If so, how can I remedy this? If not, any ideas as to why this could be happening? I can post my virtual host configuration file too if necessary.

asked Mar 9 '12 at 14:03

Puk, I said that I'd get back and give you a proper answer today. Why not pick this up on our discussion. It's sort of going against the spirit of SO to ask what is essentially the same Q half a dozen different ways. You just waste answerers' time.

@TerryE Sorry, I went back and elaborated in our discussion

1 Answer

Puk, you can't do the logon / logoff code from inside an autoprepend script. Why? Because if I was one of your users, for this to work, these scripts, especially the passwords.php (or the access credentials if you were to store it in a database), must be readable by my UID if you are using suPHP. This means that I could access the credentials of another user. I could then use this to simulate a logon for that UserB and therefore access his web pages.

I explained how to do this on our chat.

BTW, just to answer the Q that you posed: "I am curious as to whether this is a problem with my set up, or if auto_prepend_file naturally leads to infinite loops if used carelessly."

A: You've got a logic flaw in your code. The logon form has an action "logon.php" which then executes the prepend before processing the logon script. This prepend.php detects that the user isn't logged on and therefore redirects to logon.php. So Chrome detects that a request to logon.php redirects to logon.php and raises the error that you list off.

answered Jan 18 '21 at 12:01
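The loop described in the answer comes from the prepend script guarding the login page itself. The following is an added example, not code from the question or the answer, showing one way to write prepend.php so that it exempts the login page and stops after redirecting. `LOGIN_PATH`, the `logged` session key and `/etc/passwords.php` are taken from the question; the helper names `is_login_request()` and `is_logged_in()` are hypothetical.

```php
<?php
// Added example, not code from the question or the answer.
// LOGIN_PATH and the 'logged' session key come from the question;
// is_login_request() and is_logged_in() are hypothetical helper names.

const LOGIN_PATH = '/etc/login.php'; // URL path that check_logged() redirects to

/** True when the request targets the login page itself. */
function is_login_request(string $requestUri): bool
{
    // Compare the path only, so "/etc/login.php?next=/index.php" still matches.
    // parse_url() returns false or null on malformed input; neither equals
    // LOGIN_PATH, so a malformed URI stays behind the guard (fails closed).
    return parse_url($requestUri, PHP_URL_PATH) === LOGIN_PATH;
}

/** True when the session names a user that exists in $users. */
function is_logged_in(array $session, array $users): bool
{
    // A fresh session has no 'logged' key; ?? avoids the undefined-index
    // notice that $_SESSION['logged'] raises in the question's code.
    $user = $session['logged'] ?? null;
    return is_string($user) && array_key_exists($user, $users);
}

// Web requests only, so the helpers can be included from the CLI and tested.
if (PHP_SAPI !== 'cli' && !is_login_request($_SERVER['REQUEST_URI'] ?? '/')) {
    // Reached for every script except login.php. login.php is left to start
    // the session and include passwords.php itself, which also avoids
    // declaring check_logged() twice in one request.
    session_start();
    require '/etc/passwords.php'; // defines $USERS, as in the question

    if (!is_logged_in($_SESSION, $USERS)) {
        header('Location: ' . LOGIN_PATH, true, 302);
        exit; // header() only queues the redirect; without exit the
              // protected page would still run and be sent to the client
    }
}
```

With this guard, a logged-out request for /index.php receives a single 302 to /etc/login.php, and the request for /etc/login.php is served without a further redirect.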
