Question

我找到了一组允许一个人使用php登录而没有mysql的程序。略微修改的版本（一组4）如下所示。关于这个集合的好处是我使用welcome.php来显示Google表格。即使正确登录，也无法轻易找到存储用户名和密码的位置以及嵌入的Google表格的名称。

问题是这个集合在某些服务器上运行但在其他服务器上不起作用。想知道为什么。有人可以帮忙吗？

我是这个网站的新手，并尝试过以前未能上传此套装程序。我再试一次。

JTK

auth.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/text.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Log In</title>
</head>
<body>
<p>&nbsp;</p>
<h1 align="center" class="style17">Log-in Page</h1>
<br/>
 <h3 align="center" class="red">Please log in
</h3>
<p align="center">
<form method="post" name="auth" action="success.php">
<table width="400" border="0" cellspacing="4" cellpadding="0" align="center">
  <tr>
    <td width="150" align="right">User Name: </td>
    <td><input name="user" type="text" id="user" maxlength="15"></td>
      </tr>
  <tr>
    <td width="150" align="right">Password: </td>
    <td><input name="pass" type="password" id="pass" maxlength="20"></td>
  </tr>
  <tr>
    <td width="150" align="right">&nbsp;</td>
    <td><input type="submit" name="Submit" value="Submit"></td>
  </tr>
</table>
</form>
<br>
<?php
if ($flag==wrong)
{
echo "Invalid User Name or Password.  Please try again.";
}
?>
<?php
if ($flag==out)
{
echo "You have logged Out";
}
?>
<p>&nbsp;</p>
<hr>
<p>&nbsp;</p>
</body>
</html>

success.php

<?php
session_start();
include("sec.php");
if (($user==USER) && ($pass==PASSWORD))
{
$_SESSION['myuser'] = "ok";
header("Location: welcome.php");
}
else
{
header("Location: auth.php?flag=wrong");
}
?>

sec.php

<?php
define("USER", "ABC");
define("PASSWORD", "XYZ");
?>

的welcome.php

<?php session_start();
if ($_SESSION['myuser']=="")
{
header("Location: auth.php");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
</head>

<body>
<p align="center">
<h2>You have successfully signed in </h2>
</p>
<p align="center">&nbsp;</p>

<?php session_start();
session_destroy();
$_SESSION = array();
?>

</body>
</html>

Answer 1

例如，$ flag的使用取决于如何在您正在使用它的服务器上设置PHP环境（register_globals = true允许这样的设置，而register_globals = false阻止它）。此外，自PHP 5.4以来，register_globals已被弃用。

我建议你改为做这样的事情：

if (isset($_GET['flag']) && $_GET['flag'] == "wrong") {
    echo "Invalid User Name or Password.  Please try again.";
}
if (isset($_GET['flag']) && $_GET['flag'] == "out") {
    echo "You have logged Out";
}

在这种情况下，您的GET参数以更正确的方式检查标志变量。并且只有它被设置。

您应该对success.php中的变量执行相同的操作，例如：

if (isset($_POST['user']) && isset($_POST['pass']) && $_POST['user'] == USER && $_POST['pass'] == PASSWORD)
{
    $_SESSION['myuser'] = "ok";
    header("Location: welcome.php");
}
else
{
    header("Location: auth.php?flag=wrong");
}

php在某些服务器上不起作用

JTK

auth.php

success.php

sec.php

的welcome.php

1 个答案: