PHP header 认证奇怪代码
PHP header authentication strange code
我从 PHP.net 复制代码用于 header 身份验证
代码如下:
<?php
$valid_passwords = array ("Itay" => "1234", "beta" => "password");
$valid_users = array_keys($valid_passwords);
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
if (!$validated) {
header('WWW-Authenticate: Basic realm="this is testing area. beta testers only!"');
header('HTTP/1.0 401 Unauthorized');
die ("Not authorized");
}
// If arrives here, is a valid user.
?>
现在,我的问题是为什么这一行:
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
使用 代替
$validated = $pass == $valid_passwords[$user];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
此行检查用户是否存在以及密码是否正确。
如果去掉user校验,那么user="nonexisting"和password=""就有效了(当然会有提示。
检查:
$pass = "";
$user = "any non existing"
$validated = ($pass == $valid_passwords[$user]); //here will be notice
var_dump($validated);
我从 PHP.net 复制代码用于 header 身份验证
代码如下:
<?php
$valid_passwords = array ("Itay" => "1234", "beta" => "password");
$valid_users = array_keys($valid_passwords);
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
if (!$validated) {
header('WWW-Authenticate: Basic realm="this is testing area. beta testers only!"');
header('HTTP/1.0 401 Unauthorized');
die ("Not authorized");
}
// If arrives here, is a valid user.
?>
现在,我的问题是为什么这一行:
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
代替
$validated = $pass == $valid_passwords[$user];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
此行检查用户是否存在以及密码是否正确。
如果去掉user校验,那么user="nonexisting"和password=""就有效了(当然会有提示。
检查:
$pass = "";
$user = "any non existing"
$validated = ($pass == $valid_passwords[$user]); //here will be notice
var_dump($validated);