0

I'm using this URL:

http://domain.co.uk/iphone/index.php?c=knnKVLO4ROKPvvtxUCDu&bhsirf=Q8IP6OKRtaOCjcCgpb94&9froifhew3=ux9XI0vjKfzieTVS6rTt&40289njgw=We80L1RXDPIQj4ENL3QM&AdjoirtGERG^%%C2%A3fd=ozS60iysc1Vd9QgVDZIP&jorw4958fq%C2%A3$=2kbCk7EXRNMZlYMhDdkhVm2E3j4sNDtmo8ho2Ag6&ffjg^GDDFGn2FFGHe=8fuTCaTzKbf1VYQPcornK8LOK4ERPT43XoegnvTByli9c1rIInTwvwvShxkN&a@@^%45383fhreFGGew=48bFy4U6bBYcMqLHnVfK2kbCk7EXRNMZlYMhDdkh&fGHDFb.fewfrgopewFRWGREG=gbBYKubAEk7DcpQ69M7ZkxVGa2aSWiYlrEXOUqDINYsKnnMhf0hHqhQGdMUS9M3Zy74em2NIrubulwS5XcPmgHytg8we8f1y9aR2&gfiegrowu895743fdGTRY%C2%A3QT%C2%A3%yewhfuigw9545TRWTRYEgsgfnfht34o=vXBuTfXODHxQsHJZH9MQx4TrFZ38eaEmm5eowcKVgeH69YYGWofJQI0Y4jE9GDhFrHdFhMc2Tqtlb4LwWEO47z5IrEp42QppEYMlLzx4yIFlxpNZ3g4gU384DqYPNo9c3Ks2RGGNEVaMhJNewC6g48WHeEhP6r5tfOpI5OyCsNiukHXfoAqVxtaggqt6xkce74hP4f22

and then this in my PHP:

<?php
if($_GET["c"] == 'knnKVLO4ROKPvvtxUCDu' and $_GET["bhsirf"] == 'Q8IP6OKRtaOCjcCgpb94' and $_GET["9froifhew3"] == 'ux9XI0vjKfzieTVS6rTt' and $_GET["40289njgw"] == 'We80L1RXDPIQj4ENL3QM' and $_GET["AdjoirtGERG^%£fd"] == 'ozS60iysc1Vd9QgVDZIP' and $_GET["jorw4958fq£$"] == '2kbCk7EXRNMZlYMhDdkhVm2E3j4sNDtmo8ho2Ag6' and $_GET["ffjg^GDDFGn2FFGHe"] == '8fuTCaTzKbf1VYQPcornK8LOK4ERPT43XoegnvTByli9c1rIInTwvwvShxkN' and $_GET["a@@^%45383fhreFGGew"] == '48bFy4U6bBYcMqLHnVfK2kbCk7EXRNMZlYMhDdkh' and $_GET["fGHDFb.fewfrgopewFRWGREG"] == 'gbBYKubAEk7DcpQ69M7ZkxVGa2aSWiYlrEXOUqDINYsKnnMhf0hHqhQGdMUS9M3Zy74em2NIrubulwS5XcPmgHytg8we8f1y9aR2' and $_GET["gfiegrowu895743fdGTRY£QT£%yewhfuigw9545TRWTRYEgsgfnfht34o"] == 'vXBuTfXODHxQsHJZH9MQx4TrFZ38eaEmm5eowcKVgeH69YYGWofJQI0Y4jE9GDhFrHdFhMc2Tqtlb4LwWEO47z5IrEp42QppEYMlLzx4yIFlxpNZ3g4gU384DqYPNo9c3Ks2RGGNEVaMhJNewC6g48WHeEhP6r5tfOpI5OyCsNiukHXfoAqVxtaggqt6xkce74hP4f22')
{
    //fine
}
else
{
    header("Location: /iphone/error.php");
}
?>

But it's redirecting to the error.php page even though everything is correct. Are my strings too long, or is there something else wrong?

Here's the var_dump for $_GET:

errorarray(10) { ["index_php?c"]=> string(20) "knnKVLO4ROKPvvtxUCDu" ["bhsirf"]=> string(20) "Q8IP6OKRtaOCjcCgpb94" ["9froifhew3"]=> string(20) "ux9XI0vjKfzieTVS6rTt" ["40289njgw"]=> string(20) "We80L1RXDPIQj4ENL3QM" ["AdjoirtGERG^%£fd"]=> string(20) "ozS60iysc1Vd9QgVDZIP" ["jorw4958fq£$"]=> string(40) "2kbCk7EXRNMZlYMhDdkhVm2E3j4sNDtmo8ho2Ag6" ["ffjg^GDDFGn2FFGHe"]=> string(60) "8fuTCaTzKbf1VYQPcornK8LOK4ERPT43XoegnvTByli9c1rIInTwvwvShxkN" ["a@@^E383fhreFGGew"]=> string(40) "48bFy4U6bBYcMqLHnVfK2kbCk7EXRNMZlYMhDdkh" ["fGHDFb_fewfrgopewFRWGREG"]=> string(100) "gbBYKubAEk7DcpQ69M7ZkxVGa2aSWiYlrEXOUqDINYsKnnMhf0hHqhQGdMUS9M3Zy74em2NIrubulwS5XcPmgHytg8we8f1y9aR2" ["gfiegrowu895743fdGTRY£QT£%yewhfuigw9545TRWTRYEgsgfnfht34o"]=> string(200) "vXBuTfXODHxQsHJZH9MQx4TrFZ38eaEmm5eowcKVgeH69YYGWofJQI0Y4jE9GDhFrHdFhMc2Tqtlb4LwWEO47z5IrEp42QppEYMlLzx4yIFlxpNZ3g4gU384DqYPNo9c3Ks2RGGNEVaMhJNewC6g48WHeEhP6r5tfOpI5OyCsNiukHXfoAqVxtaggqt6xkce74hP4f22" }

4 Answers

1

Found one error:

You use the following key which does not exist in the array:

$_GET["fGHDFb.fewfrgopewFRWGREG"]

This one exists though:

$_GET["fGHDFb_fewfrgopewFRWGREG"]

(See Amir's answer for explanation).

Also, $_GET["c"] is not a valid key. Somehow, maybe because of a rewrite rule (as suggested by Michael Berkowski in comments to your question), it is changed to $_GET["index_php?c"].

With that said, your solution does not seem optimal, because you risk running into problems like these... What are you exactly trying to accomplish?

Frederik Wordenskjold
1

Dots and spaces in variable names are converted to underscores. For example, <input name="a.b" /> becomes $_GET["a_b"] (refer here).

Community
Amir
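The renaming described in this answer, shown as an added example that is not part of the original answers: it runs PHP's parse_str(), which applies the same name conversion as $_GET, over a constructed query string and also flags two different raw names that end up on the same key. The helper names php_key, raw_pairs and audit_query are hypothetical.

```php
<?php
// Added example, not code from the original post. The query string is a
// constructed sample that reuses two parameter names from the question.
$raw = 'c=one&fGHDFb.fewfrgopewFRWGREG=two&my+key=three&my_key=four';

// Return the key PHP would use in $_GET for a given raw parameter name.
// parse_str() applies the same name conversion as the $_GET population code.
function php_key(string $rawName): string
{
    parse_str(rawurlencode($rawName) . '=1', $out);
    return (string) array_key_first($out);
}

// Split the raw query string by hand so names stay exactly as sent.
function raw_pairs(string $query): array
{
    $pairs = [];
    foreach (explode('&', $query) as $part) {
        if ($part === '') {
            continue;
        }
        [$name, $value] = array_pad(explode('=', $part, 2), 2, '');
        $pairs[] = [urldecode($name), urldecode($value)];
    }
    return $pairs;
}

// Report each raw name beside its $_GET key, and flag names that collapse
// onto a key already taken by a different raw name (the later value wins).
function audit_query(string $query): array
{
    $seen = [];
    $report = [];
    foreach (raw_pairs($query) as [$name, $value]) {
        $key = php_key($name);
        $report[] = [
            'raw'       => $name,
            'get_key'   => $key,
            'renamed'   => $key !== $name,
            'collision' => isset($seen[$key]) && $seen[$key] !== $name,
        ];
        $seen[$key] = $name;
    }
    return $report;
}

foreach (audit_query($raw) as $row) {
    printf("%-28s -> %-28s%s%s\n", $row['raw'], $row['get_key'],
        $row['renamed'] ? ' [renamed]' : '',
        $row['collision'] ? ' [collision]' : '');
}
```

In a real script, pass `$_SERVER['QUERY_STRING']` to `audit_query()` to see which of the names a client sent were renamed before they reached `$_GET`.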
0

It is possible that the issue has to do with operator precedence; `and` and `&&` are not equal.

I would try replacing `and` with `&&`.

marteljn
  • That's not an error, both `and` and `&&` are valid: http://php.net/manual/en/language.operators.logical.php – Niko May 19 '13 at 13:48
  • @Niko you're right, sorry, I haven't messed with PHP in a while. It is still possible that my suggestion is worth trying since `and` and `&&` have different precedence. – marteljn May 19 '13 at 13:56
  • 1
    I think you may have a point. `and` has lower precedence than `=`, which may apply to `==` as well, making it possible to mess with his final truth value. – Frederik Wordenskjold May 19 '13 at 14:08
  • @Niko Valid but not the same... var_dump(true and false) will return you true! – 0x1gene May 19 '13 at 14:09
  • http://stackoverflow.com/questions/2803321/and-vs-as-operator – Frederik Wordenskjold May 19 '13 at 14:10
  • @0x1gene No, it returns false as expected: http://codepad.viper-7.com/t464Ma – Niko May 19 '13 at 14:12
  • @Niko and @0x1gene: Read my comments and learn! `=` has higher precedence than `and`. This results in the behavior here: http://codepad.viper-7.com/fbKhB9 – Frederik Wordenskjold May 19 '13 at 15:32
  • @FrederikWordenskjold How does that apply to the use of `and` vs `&&` in an if condition (with `==` rather than `=`, which are different operators)? I don't see your point here. – Niko May 19 '13 at 19:26
0

The first and the second code you posted seem to be OK to me, but for some reason you are redirected to the error page. The user "Frederik Wordenskjold" pointed out a difference in the keys; you might want to check whether it is OK. My suggestion to solve this problem, or at least get a clue of where it is, would be to print every $_GET value you receive in that file (comment out the "if-else" statement just to test this) so you can tell whether the problem is in the file you are looking at or in what you receive through $_GET.

Flexo