Question

我在页面上有这个代码＆＃34; GetUsers.php＆＃34;

    <form action="actions/getusers.php" method="post">
                <div class="form-group">
                    <label for="user">User:</label>
                    <input type="text" class="form-control" id="user" name="user">
                </div>

                <button type="submit" name="Form" id="Form" class="btn btn-default">Manage</button>
    </form>

在＆＃34; actions / getusers.php＆＃34;上，我有这个：

<?php

include('../../config.php');

session_start();

if( isset($_SESSION['password']) && $_SESSION['password']==$usdb_config['adminpassword'] ) {
    return true;
}
if( !isset($_SESSION['password']) ) {
    header("Location: ../login.php");
    die();
}
if( isset($_SESSION['password']) && $_SESSION['password']!==$usdb_config['adminpassword'] ) {
    header("Location: ../login.php");
    die();
}

require('../../other/casesensitivecfg.php');
$AdminPassword = $_SESSION['password'];

$locationtodb =  '../../database/'.$usdb_config['db_username'].$usdb_config['db_password'].$usdb_config['db_passphrase'].'/';
$users = file_get_contents($locationtodb.'users.txt');
$User = $_POST['user'];
$SearchUser = $User;
$pattern = preg_quote($SearchUser, '/');
$pattern = "/^.*$pattern.*\$/m";
preg_match_all($pattern, $users, $matches);
$wholeLine = implode("\n", $matches[0]);
$data = explode(":", $wholeLine);

// header('Content-Type: text/plain');

?>

此代码中的HTML代码在＆＃34; actions / getusers.php＆＃34; ：

    <?php

            if( isset($_POST['Form']) ) {
                echo '
                <ul class="list-group">
                    <li class="list-group-item"><strong>User Owner: </strong>'.$data[2].'</li>
                    <li class="list-group-item"><strong>User: </strong>'.$data[0].'</li>
                    <li class="list-group-item"><strong>User Status: </strong>'.$data[1].'</li>
                </ul>
                ';
            }

            if( !preg_match_all($pattern, $users, $matches) ) {
                echo '<div class="alert alert-danger" role="alert">The user you entered does not exists!</div>';
            }

            if( $_POST['user']=="this_line_must_not_be_edited_or_removed" ) {
                echo '<div class="alert alert-danger" role="alert">The user you entered does not exists!</div>';
            }

    ?>

最后，在＆＃34; GetUsers.php＆＃34;上提交表格后，我得到空白页＆＃34; actions / getusers.php＆＃34;。

Answer 1

在您的actions/getusers.php脚本中，如果您使用管理员密码，则第一个if会终止脚本

<?php

include('../../config.php');

session_start();

if( isset($_SESSION['password']) && $_SESSION['password']==$usdb_config['adminpassword'] ) {
    return true;    // This kills the script before any output is generated
}

提交表单上的空白页

1 个答案: