Tuesday, April 9, 2019

Hard-coded credentials in php file prevent static files loading

Answer


Answer





For the sake of learning no-framework php from scratch, I wrote an admin.php file which have the following code:





$not_auth_msg = "
Not Authorized
";
if($_GET['username'] == "admin") {
    $pass = md5($_GET['password']);
    if($pass != "21232f297a57a5a743894a0e4a801fc3") {
        exit($not_auth_msg);
    }
} else {
    exit($not_auth_msg);

}

?>




  
  
  


..
..
..



Authorization works OK, but php 5.4's built in server replies "PHP Notice: Undefined index: username in ..." for each static file (bootstrap, jquery etc.), and the worse thing - the static files do not load!



What am I doing wrong?



Answer



Change the if with 



if(isset($_GET['username']) && $_GET['username'] == "admin") {
...

}


That will solve your problem. When your not providing username that key is not set in $_GET and error notification if your php.ini file must be ALL i.e. notifications will be displayed/rendered.



-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...