PHP標頭身份驗證奇怪的代碼
[英]PHP header authentication strange code
問題描述
我從PHP.net代碼復制以進行標頭驗證
這是代碼:
<?php
$valid_passwords = array ("Itay" => "1234", "beta" => "password");
$valid_users = array_keys($valid_passwords);
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
if (!$validated) {
header('WWW-Authenticate: Basic realm="this is testing area. beta testers only!"');
header('HTTP/1.0 401 Unauthorized');
die ("Not authorized");
}
// If arrives here, is a valid user.
?>
現在,我的問題是為什么這行:
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
用於代替
$validated = $pass == $valid_passwords[$user];
1 個解決方案
解決方案1
3 已采納 2016-03-22 08:34:38
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
該行檢查用戶是否存在以及密碼是否正確。
如果您取消用戶檢查,則用戶=“ nonexisting”和密碼=“”將有效(當然,會有通知。
校驗:
$pass = "";
$user = "any non existing"
$validated = ($pass == $valid_passwords[$user]); //here will be notice
var_dump($validated);
PHP奇怪的頭
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.