0

我正在开发一个 osCommerce 项目,该项目可在主服务器上访问,但是当我尝试在我的 LOCALHOST 上访问项目的管理部分时,登录页面确实接受我的登录,理想情况下它应该接受我的登录并将我重定向到索引,php .. 下面是我正在使用的登录脚本..

<?php
  require('includes/application_top.php');

  if ($session_started == false) {
  echo 'session not started';
  }

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

// Check if email exists
    $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_admin_query)) {
      $HTTP_GET_VARS['login'] = 'fail';
    } else {
      $check_admin = tep_db_fetch_array($check_admin_query);

      //BOF code for cPanel installer - convert password to cre hash
      $check_password = $check_admin['login_password'];
      if (substr($check_password, 0, 8) == '_cPanel_'){
        $check_password = substr($check_password, 8);
        $password_hash = tep_encrypt_password($check_password);
        tep_db_query("UPDATE " . TABLE_ADMIN . " SET admin_password = '" . $password_hash . "'");
        $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
        $check_admin = tep_db_fetch_array($check_admin_query);
      }
      //EOF code for cPanel installer - convert password to cre hash

      // Check that password is good
      if (!tep_validate_password($password, $check_admin['login_password'])) {
        $HTTP_GET_VARS['login'] = 'fail';
      } else {
        if (tep_session_is_registered('password_forgotten')) {
          tep_session_unregister('password_forgotten');
        }

        $login_id = $check_admin['login_id'];
        $login_groups_id = $check_admin[login_groups_id];
        $login_firstname = $check_admin['login_firstname'];
        $login_email_address = $check_admin['login_email_address'];
        $login_logdate = $check_admin['login_logdate'];
        $login_lognum = $check_admin['login_lognum'];
        $login_modified = $check_admin['login_modified'];

        tep_session_register('login_id');
        tep_session_register('login_groups_id');
        tep_session_register('login_firstname');

        //$date_now = date('Ymd');
        tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");

        if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin@localhost') || ($login_modified == '0000-00-00 00:00:00')) {
          tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL'));
        } else {
          tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
        }

      }
    }
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);
  include('includes/functions/rss2html.php');
?>

我尝试跟踪问题,每当我使用正确的电子邮件和密码登录时,它都不会给我“ $HTTP_GET_VARS['action']

有人可以指导我这里出了什么问题吗?

根据最初的答复

我在我的本地主机中启用了 register_long_arrays 并且在输入错误的电子邮件地址和密码的情况下它工作得很好。

4

4 回答 4

2

诸如HTTP_GET_VARS称为long-arrays的变量已被弃用 - 并且可以禁用。
请参阅register_long_arrays指令,关于这个:也许它在您的服务器上被禁用?


而不是$HTTP_GET_VARS,您应该使用$_GET超全局数组。

有关几个参考,请参阅:


注意:OS-commerce 是一个相当古老的软件,并且是在长数组被弃用之前开发的——这可能是使用它们的原因......以及为什么可以register_long_arrays在 PHP 的配置中启用该指令。

当然,这不推荐用于新软件......但如果你必须使用它......它可能比替换每个实例更容易$HTTP_GET_VARS

于 2010-06-21T11:27:39.880 回答
0

$HTTP_GET_VARS 已过时且已弃用,请改用 $_GET。这同样适用于其他超全局变量:$_POST、$_REQUEST、$_SERVER、$_COOKIES、$_FILES 等。

于 2010-06-21T11:27:20.590 回答
0

尝试$_GET['action']代替 $ HTTP_GET_VARS['action']。我建议你完全替换$HTTP_GET_VARS$_GET.

从 PHP 5.0.0 开始,可以使用 register_long_arrays 指令禁用长 PHP 预定义变量数组。

于 2010-06-21T11:27:33.977 回答
0

从 PHP 5.0.3HTTP_GET_VARS开始,长预定义数组默认禁用。改用这个:

$_GET['action'];
于 2010-06-21T11:29:50.307 回答