Of Stack

Share the understanding that PHP register_globals values are on and off

  • 2020-09-16 07:24:59
  • OfStack

The value of register_globals can be set to either On or Off, and we will describe the difference in one piece of code.

Code: 


<form name="frmTest" id="frmTest" action="URL">
<input type="text" name="user_name" id="user_name">
<input type="password" name="user_pass" id="user_pass">
<input type="submit" value="login">
</form>

When register_globals=Off, the next program should receive the value passed in with $_GET['user_name'] and $_GET['user_pass']. (note: when < form > $_POST['user_name'] and $_POST['user_pass'] should be used when the method attribute is post.

When register_globals=On, the next program can accept the value directly using $user_name and $user_pass.

As the name implies, register_globals means to register as a global variable, so when using On, the value passed will be registered as a global variable and used directly, while when using Off, we need to go to a specific array to get it. So, those of you who have the above problem of not getting a value should first check to see if your register_globals setting matches the method you used to get the value. (You can view it using the phpinfo() function or directly view php.ini)

So let's see what's wrong with that?

Take a look at the PHP script below, which is used to authorize access to 1 Web page when the user name and password are entered correctly: 


<?php
//  Check the user name and password 
if ($username == 'kevin' and $password == 'secret')
$authorized = true;
?>
<?php if (!$authorized): ?>
<!--  Unauthorized users will be prompted here  -->
<p>Please enter your username and password:</p>
<form action="<?=$PHP_SELF?>" method="POST">
<p>Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" /></p>
</form>
<?php else: ?>
<!--  There are safety requirements HTML content  -->
<?php endif; ?>

The problem with the code above is that you can easily gain access without having to provide the correct user name and password. Only add at the end of the address bar to your browser? authorized = 1. Because PHP automatically creates a variable for every submitted value -- whether it's automatically a submitted form, an URL query string, or an cookie -- this sets $authorized to 1 so that an unauthorized user can breach the security limit.

Related articles: