PHP 包含/需要不传递变量

2022-01-06 00:00:00 authentication include php ajax joomla

是否可以在 PHP 中不传递传递给原始脚本的变量的内容?

Is it possible to include something in PHP without passing the variables that were passed to the original script?

我正在使用 Joomla,并且记录了错误 此处(非法变量...").php 脚本是一个将数据发送回浏览器的 AJAX 脚本,因此该脚本需要大量 POST 变量,执行数据库查询,然后回显结果.我试图加强安全性,所以我在这个脚本中加入了一个包含,以使用构建的 Joomla 模块对用户进行身份验证.我从这里那里得到了这个想法用户认证脚本.
身份验证脚本适用于某些页面,但对于其他页面,我收到了上面提到的错误.所以我想在不传递任何变量的情况下包含身份验证脚本.这可能吗?

I am using Joomla, and I am getting the error documented here ("Illegal Variables ..."). The php script is an AJAX script that sends data back to the browser, so this script takes a lot of POST variables, does a database query, then echos the result. I am trying to tighten up security, so I put an include in this script to authenticate the user with the built it Joomla modules. I got the idea from here for the user authentication script.
The authentication script works for some pages, but with others I get the error mentioned above. So I want to include the authentication script without passing any variables to it. Is this possible?

这里有更多细节.

在 ajax 脚本中我有这个:

In the ajax script I have this:

<?php
    include '/var/www/joomla-auth.php';
...

下面是脚本,基本上joomla-auth.php"包含的脚本负责获取mysql查询的用户名和密码.joomla-auth 的内容:

below here is the script, basically the "joomla-auth.php" included script takes care of getting the username and password for a mysql query. Contents of joomla-auth:

<?php

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

$user =& JFactory::getUser();

我很确定是定义或要求行引发了错误:

I am pretty sure it is the define or require lines that is throwing the error:

非法变量 _files 或 _env 或 _get 或 _post 或_cookie 或 _server 或 _session 或传递给脚本的全局变量.

Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.

如上面第一个链接中所述.

As documented in the first link above.

编辑 2:

'joomla-auth.php' 脚本生成 $username 和 $password 变量,然后在 AJAX 脚本中使用这些变量.我在 AJAX 脚本的顶部尝试了这个:

The 'joomla-auth.php' script makes $username and $password variables which are then used in the AJAX script. I tried this at the top of the AJAX script:

function get_creds(){
    include '/var/www/joomla-auth.php';
    return Array($username,$password);
}

$creds = get_creds();
$username = $creds[0];
$password = $creds[1];
....

但是 $_POST 变量仍然被传递到/var/www/joomla-auth.php :-(

But still the $_POST variables are being passed to /var/www/joomla-auth.php :-(

推荐答案

如果您将错误中提到的变量之一传递给 url(或通过 mod_rewrite),Joomla 会抛出此错误:

Joomla throws this error if you're passing it one of the vars mentioned in your error to the url (or via mod_rewrite):

_files 或 _env 或 _get 或 _post 或 _cookie 或 _server 或 _session

_files or _env or _get or _post or _cookie or _server or _session

此外,我认为如果您传递一个完整的数字变量,则会引发相同的错误,例如:

Besides, I think the same error is thrown if you're passing a whole numeric variable, such as:

http://yoursite.com/?123456=abc

只要确保您没有在 url 中传递任何这些变量.如果找不到问题,请尝试在抛出错误之前检查请求中的内容.

Just make sure you're not passing any of these vars in the url. If you can't find the problem, try to check what's in the request before the error is thrown.

希望能帮到你!

相关文章