与 PHP 中的文件交互会导致第二次交互不会发生
Interacting with a file in PHP causes second interaction to just not happen
这可能会有一个简单的答案,但这是我的问题。我目前正在编写一个弱权限文件系统,如果给定文件为空(这是 $filedir 变量),我希望用户不必进行任何身份验证检查。我可以成功检查此文件是否为空,但是,如果我尝试读取其他任何内容(如 file_get_contents(data.data) 所示),它就无法正常工作。没有错误,但条件将始终评估为真。我一直坚持这个,我对 PHP 还是个新手,所以希望有人能帮助我!
提前致谢!
卡尔
<?php
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/' . $_SESSION['user_name'] . '/a' . '/' . $_POST['dataName'];
if ($_POST['c'] == "true") {
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/a' . '/' . $_POST['dataName'];
}elseif ($_POST['c'] == "") {
// code...
}else {
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is' . '/' . $_POST['c'] . '/a' . '/' . $_POST['dataName'];
}
**//THIS IS THE FIRST CONDITION THAT, WHEN IMPLEMENTED, CAUSES THE SECOND CONDITION TO ALWAYS EVALUATE TO TRUE FOR SOME REASON**
$pass = false;
if (readfile($filedir) == 0) {
$pass = true;
echo "check";
}else {
echo "pass";
}
if ($_POST['auth'] == "1") {
$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");
// throw new \Exception("Incorrect auth token", 1);
if ($_POST['token'] == $cue) {
$_SESSION['apiauth'] == $_POST['token'];
}elseif (file_get_contents($filedir) == '') {
$_SESSION['apiauth'] == '';
}else {
throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}elseif ($_POST['permissions'] == true) {
addLog($fn,'Permissions were changed', 'DATABASE-PERMISSIONS', null, null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
if ($_POST['revoke'] == true && ($_POST['user'] != 'u' || ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm' || $_POST['user'] == null))) {
throw new \Exception("Cannot revoke access without proper format", 1);
}
$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");
**//BELOW THIS IS THE SECOND CONDITION THAT FAILS IF THE FIRST CONDITION IS IMPLEMENTED, AND WORKS FINE IF ITS LEFT OUT**
if ($cue === $_POST['token'] || $cue === $_SESSION['apiauth'] || $pass) {
if ($_POST['type'] == 'r') {
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/a/dir/path');
if ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm') {
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, '**'.$_POST['user'].'**');
fclose($cue);
}elseif ($_POST['user'] == 'u') {
$d = file_get_contents($_POST['dataName'].".secure");
if ($d == '**a**' || $d == '**e**' || $d == '**m**') {
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, '');
fclose($cue);
}
if ($_POST['revoke'] == true) {
$writein = str_replace($_POST['name']."||","",file_get_contents($_POST['dataName'].".secure"));
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, $writein);
fclose($cue);
}else {
if (strpos(file_get_contents($_POST['dataName'].".secure"), $_POST['name']) !== false) {
// throw new \Exception("User already exists in permission slot", 1);
}else{
$cue = fopen($_POST['dataName'].".data", "a");
fwrite($cue, $_POST['name'].'||');
fclose($cue);
}
}
}else {
throw new \Exception("Invalid parameter.", 1);
}
}
}else {
addLog($fn,'Permission changed was blocked due to incorrect token', 'DATABASE-PERMISSIONS', 'danger', null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}
?>
来自手册
Returns the number of bytes read from the file. If an error occurs,
FALSE is returned and unless the function was called as @readfile(),
an error message is printed.
你在这条线上进行了弱比较
if (readfile($filedir) == 0) {
}
如果调用失败,false == 0 将计算为真,因为 int 值将计算为假。 false == false 是真的。所以使用严格的比较运算符 === 并尝试找出调用失败的原因。
if (readfile($filedir) === 0) {
}
或使用,如果调用成功并返回任何内容(但也返回 0)
if (readfile($filedir) !== false) {
}
这可能会有一个简单的答案,但这是我的问题。我目前正在编写一个弱权限文件系统,如果给定文件为空(这是 $filedir 变量),我希望用户不必进行任何身份验证检查。我可以成功检查此文件是否为空,但是,如果我尝试读取其他任何内容(如 file_get_contents(data.data) 所示),它就无法正常工作。没有错误,但条件将始终评估为真。我一直坚持这个,我对 PHP 还是个新手,所以希望有人能帮助我!
提前致谢! 卡尔
<?php
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/' . $_SESSION['user_name'] . '/a' . '/' . $_POST['dataName'];
if ($_POST['c'] == "true") {
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/a' . '/' . $_POST['dataName'];
}elseif ($_POST['c'] == "") {
// code...
}else {
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is' . '/' . $_POST['c'] . '/a' . '/' . $_POST['dataName'];
}
**//THIS IS THE FIRST CONDITION THAT, WHEN IMPLEMENTED, CAUSES THE SECOND CONDITION TO ALWAYS EVALUATE TO TRUE FOR SOME REASON**
$pass = false;
if (readfile($filedir) == 0) {
$pass = true;
echo "check";
}else {
echo "pass";
}
if ($_POST['auth'] == "1") {
$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");
// throw new \Exception("Incorrect auth token", 1);
if ($_POST['token'] == $cue) {
$_SESSION['apiauth'] == $_POST['token'];
}elseif (file_get_contents($filedir) == '') {
$_SESSION['apiauth'] == '';
}else {
throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}elseif ($_POST['permissions'] == true) {
addLog($fn,'Permissions were changed', 'DATABASE-PERMISSIONS', null, null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
if ($_POST['revoke'] == true && ($_POST['user'] != 'u' || ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm' || $_POST['user'] == null))) {
throw new \Exception("Cannot revoke access without proper format", 1);
}
$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");
**//BELOW THIS IS THE SECOND CONDITION THAT FAILS IF THE FIRST CONDITION IS IMPLEMENTED, AND WORKS FINE IF ITS LEFT OUT**
if ($cue === $_POST['token'] || $cue === $_SESSION['apiauth'] || $pass) {
if ($_POST['type'] == 'r') {
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/a/dir/path');
if ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm') {
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, '**'.$_POST['user'].'**');
fclose($cue);
}elseif ($_POST['user'] == 'u') {
$d = file_get_contents($_POST['dataName'].".secure");
if ($d == '**a**' || $d == '**e**' || $d == '**m**') {
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, '');
fclose($cue);
}
if ($_POST['revoke'] == true) {
$writein = str_replace($_POST['name']."||","",file_get_contents($_POST['dataName'].".secure"));
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, $writein);
fclose($cue);
}else {
if (strpos(file_get_contents($_POST['dataName'].".secure"), $_POST['name']) !== false) {
// throw new \Exception("User already exists in permission slot", 1);
}else{
$cue = fopen($_POST['dataName'].".data", "a");
fwrite($cue, $_POST['name'].'||');
fclose($cue);
}
}
}else {
throw new \Exception("Invalid parameter.", 1);
}
}
}else {
addLog($fn,'Permission changed was blocked due to incorrect token', 'DATABASE-PERMISSIONS', 'danger', null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}
?>
来自手册
Returns the number of bytes read from the file. If an error occurs, FALSE is returned and unless the function was called as @readfile(), an error message is printed.
你在这条线上进行了弱比较
if (readfile($filedir) == 0) {
}
如果调用失败,false == 0 将计算为真,因为 int 值将计算为假。 false == false 是真的。所以使用严格的比较运算符 === 并尝试找出调用失败的原因。
if (readfile($filedir) === 0) {
}
或使用,如果调用成功并返回任何内容(但也返回 0)
if (readfile($filedir) !== false) {
}