我在下面附加了一个登录脚本,它应该只将输入的值添加到当前url的末尾并将其传递给下一页。然而,而不是它将转到根'/'并添加?emp =。我有什么想法吗?
<?php
/**
* Login employee
*/
$current_page = "login.php";
require_once 'config.inc.php';
require_once 'lib.common.php';
turn_off_magic_quotes();
// Check for logout
if (isset($_REQUEST['logout'])) {
session_stop();
unset($_GET['emp']); // safety
unset($_REQUEST['empfullname']); // safety
// Fall through and display login form.
}
session_start();
$_SESSION['application'] = $current_page; // security
$return_url = isset($_SESSION['login_return_url']) ? $_SESSION['login_return_url'] : '/';
$msg = isset($_SESSION['login_msg']) ? $_SESSION['login_msg'] : '';
$error_msg = isset($_SESSION['login_error_msg']) ? $_SESSION['login_error_msg'] : '';
unset($_SESSION['login_msg']); // reinitialize
unset($_SESSION['login_error_msg']); // reinitialize
include 'setup_timeclock.php'; // authorize and initialize
// Parse arguments.
$emp = isset($_REQUEST['emp']) ? $_REQUEST['emp'] : null;
$empfullname = isset($_REQUEST['empfullname']) ? $_REQUEST['empfullname'] : null;
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
if (! $empfullname) $empfullname = $emp; // from url or form entry
if ($empfullname) {
$empfullname = lookup_employee($empfullname);
if (! $empfullname) {
$error_msg .= "Name was not recognized. Please re-enter your name.\n";
}
}
////////////////////////////////////////
if (! $empfullname) {
unset($_SESSION['authenticated']);
// Get employee name
$PAGE_TITLE = "Login - $title";
$PAGE_STYLE = <<<End_Of_HTML
<link rel="stylesheet" type="text/css" media="screen" href="../css/jquery.suggest.css" />
End_Of_HTML;
include 'header.php';
if ($msg) print msg($msg);
if ($error_msg) print error_msg($error_msg);
print <<<End_Of_HTML
<div id="employee_entry_form">
<form action="{$_SERVER['PHP_SELF']}" method="get">
<table align="center" class="table_border" width="100%" border="0" cellpadding="3" cellspacing="0">
<tr>
<th class="rightside_heading" nowrap align="left" colspan="3"><img src="../images/icons/clock_add.png" /> Select an Employee Name:
</th>
</tr>
<tr><td height="15" colspan="3"></td></tr>
<tr><td class="table_rows" height="25" width="20%" style="padding-left:32px;" nowrap>Employee Name:</td>
<td colspan="2" width="80%" style="color:red;font-family:Tahoma;font-size:10px;">
<input type="text" size="25" maxlength="50" name="emp" id="emp" value="" /> *</td></tr>
<tr><td height="15" colspan="3"> </td></tr>
<tr><td class="table_rows" align="right" colspan="3" style="color:red;font-family:Tahoma;font-size:10px;">* required </td></tr>
</table>
<table align="center" width="100%" border="0" cellpadding="0" cellspacing="3" class="buttons">
<tr><td width="30"><input type="image" name="submit" value="Next" align="middle" src="../images/buttons/next_button.png" /></td>
<td><a href="index.php"><img src="../images/buttons/cancel_button.png" border="0" /></a></td></tr>
</table>
</form>
</div>
End_Of_HTML;
//include 'footer.php';
exit;
}
////////////////////////////////////////
////////////////////////////////////////
// Successful login
$_SESSION['authenticated'] = $empfullname;
$return_url = preg_replace('/\bemp(fullname)?=.*?&(.*)$/','$2',$return_url); // remove possible emp= from url
$return_url .= (preg_match('/[?]/',$return_url) ? '&' : '?') . "emp=".rawurlencode($empfullname); // add emp= argument to url
exit_next($return_url);
?>
答案 0 :(得分:0)
以下是您可以尝试的一些标准调试,这些调试都与您的最后几行有关:
$return_url和$empfullname是否具有您期望的值?尝试在正则表达式之前打印它们。$return_url的一些测试值进行硬编码,并在preg_replace来电和preg_match来电之前和之后打印输出。rawurlencode正在做你期望的事吗?尝试在$empfullname的测试值上运行它并打印结果。问题可能出在上述步骤的任何地方,但我的钱在#1上。如果$return_url为'/'且$empfullname为空,则您的最后一行只是将'?emp='附加到'/'。
这些行可以解释为什么$return_url为'/'且$empfullname为空,如果某些变量未设置:
$return_url = isset($_SESSION['login_return_url']) ? $_SESSION['login_return_url'] : '/';
$empfullname = isset($_REQUEST['empfullname']) ? $_REQUEST['empfullname'] : null;