Home  >  Article  >  php教程  >  Learn more about register_globals

Learn more about register_globals

黄舟
黄舟Original
2016-12-13 17:43:422071browse

register_globals is forcibly restricted in dedecms

Since the register_globals setting controls the PHP variable access range, if it is turned on, it will cause unnecessary security issues, so it is forcibly turned off here. If the webmaster's space does not support it, you can use the following methods The method is modified for the reference of webmasters:

*If it is a stand-alone server user, you can modify php.ini in the php configuration file, change register_globals=On to register_globals=Off, and then restart Apache.

*If it is a virtual server Users of the host should notify the space provider as much as possible to let them modify the configuration, or they can try ini_set('register_globals',0).

* Create a new .htaccess file in the website directory and add php_flag register_globals off. If you already have a .htaccess file, just add it in a new line at the end;

*If it doesn’t work, you can only use the last resort to directly go to include/common.inc.php and delete the following code (no Suggestion).

//Enabling register_globals will have many unsafe possibilities, so it is mandatory to close register_globalsif(ini_get('register_globals')){ exit('php.ini register_globals must is Off! '); } Starting from PHP4.2.0 version, the default value of register_globals setting option in php.ini becomes off. So, it's best to start programming in Off's style now!
The value of register_globals can be set to: On or Off. Let’s give a piece of code to describe their differences respectively.

Code:





When register_globals=Off When the next program receives, it should use $_GET['user_name'] and $_GET['user_pass'] to accept the passed value. (Note: When the method attribute of

is post, you should use $_POST['user_name'] and $_POST['user_pass'])

When register_globals=On, the next program can directly use $user_name and $user_pass to accept the value.

As the name suggests, register_globals means to register as a global variable, so when it is On, the passed value will be directly registered as a global variable and used directly, and when it is Off, we need to get it in a specific array. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To check, you can use the phpinfo() function or check php.ini directly) Let’s see what’s wrong here?

Look at the following PHP script, which is used to authorize access to a web page when the entered username and password are correct:

// Check username and password
if ($username == 'kevin' and $password == 'secret')
$authorized = true;
?>


Please enter your username and password:



< p>Username:

Password:






The problem with the above code is that you can easily gain access without providing the correct username and password. Just add ?authorized=1 at the end of your browser's address bar. Because PHP automatically creates a variable for every submitted value -- whether from a form submission, a URL query string, or a cookie -- this will set $authorized to 1, so an unauthorized user can Security restrictions can be exceeded.

register_globals=off Solution to the problem that the website cannot be opened

register_globals is a configuration in php.ini. This configuration affects how php receives the passed parameters. As the name suggests, register_globals means to register as a global variable, so when On When, the passed value will be directly registered as a global variable for direct use, and when Off, we need to get it in a specific array. Therefore, friends who encounter the above problems of not being able to get the value should first check whether your register_globals setting matches your method of obtaining the value. (To check, you can use the phpinfo() function or directly check php.ini)

register_globals=off is mainly for security reasons. At the same time, most programs require that the value be set to off. What should I do with a large number of scripts written in the On style before? ? If your previous scripts were planned well and there is a public include file, such as a config.inc.php file, add the following code to this file to simulate it (this code is not guaranteed to solve your problem 100%, Because I haven't tested it extensively, but I think it works well).

Code:

if ( !ini_get("register_globals") )
{
extract($_POST);
extract($_GET);
extract($_SERVER);
extract($_FILES) ;
extract($_ENV);
extract($_COOKIE);

if ( isset($_SESSION) )
{
extract($_SESSION);
}
}
?>

php Undefined index Solution to Undefined variable

$act=$_POST['act'];

Using the above code always prompts
Notice: Undefined index: act in F:windsflybookpost.php on line 18

In addition, sometimes it will appear

Quotation content
Notice: Undefined variable: Submit...

and other such prompts

Cause: caused by undefined variables

Solution:
1) error_reporting setting:
Find error_reporting = E_ALL
Modify to error_reporting = E_ALL & ~E_NOTICE

2) register_globals setting:
Find register_globals = Off
Modify to register_globals = On

Notice: Undefined variable: email in D:PHP5ENOTEADDNOTE.PHP on line 9
Notice: Undefined variable: subject in D:PHP5ENOTEADDNOTE.PHP on line 9
 Notice: Undefined variable: comment in D:PHP5ENOTEADDNOTE.PHP on line 9
.....
 Originally, PHP does not need to define variables, but this situation occurs What should we do?
Just find the php.ini in C: WINDOWS
In line 302 of php.ini error_reporting = E_ALL
Change it to
error_reporting = E_ALL & ~E_NOTICE and then restart apache2.2
Solution: Modify php.ini
Change: error_reporting = E_ALL
to: error_reporting = E_ALL & ~E_NOTICE
If you don’t want any errors to be displayed, directly modify:
display_errors = Off
If you do not have the permission to modify php.ini, you can modify it in php.ini Add
  ini_set("error_reporting", "E_ALL & ~E_NOTICE");
  to the head

The above describes register_globals in depth. If you want to get more related content, please pay attention to the PHP Chinese website (www.php.cn)!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Usage of struts2's tagNext article:Usage of struts2's tag