与PHP中的文件交互会导致第二次交互不发生

Question

这可能会有一个简单的答案，但这是我的问题。我目前正在编写一个弱权限文件系统，如果给定文件为空(这是$filedir变量)，我希望用户不必进行任何身份验证检查。我可以成功地检查这个文件是否是空的，但是，如果我尝试读取任何其他内容(由file_get_contents(data.data)显示)，它就是不能工作。没有错误，但条件总是计算为真。我一直被困在这个问题上，而且我对PHP还不熟悉，所以希望有人能在这里帮助我！

提前谢谢你！卡尔

   <?php
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/' . $_SESSION['user_name'] . '/a' . '/' . $_POST['dataName'];

if ($_POST['c'] == "true") {
  $filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/a' . '/' . $_POST['dataName'];
}elseif ($_POST['c'] == "") {
  // code...
}else {
  $filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is' . '/' . $_POST['c'] . '/a' . '/' . $_POST['dataName'];
}

  **//THIS IS THE FIRST CONDITION THAT, WHEN IMPLEMENTED, CAUSES THE SECOND CONDITION TO ALWAYS EVALUATE TO TRUE FOR SOME REASON**
  $pass = false;
  if (readfile($filedir) == 0) {
    $pass = true;
    echo "check";
  }else {
    echo "pass";
  }


if ($_POST['auth'] == "1") {

  $prev = getcwd();
  chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
  $cue = file_get_contents("data.data");
  // throw new \Exception("Incorrect auth token", 1);

if ($_POST['token'] == $cue) {
  $_SESSION['apiauth'] == $_POST['token'];
}elseif (file_get_contents($filedir) == '') {
  $_SESSION['apiauth'] == '';
}else {
  throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);



}elseif ($_POST['permissions'] == true) {


  addLog($fn,'Permissions were changed', 'DATABASE-PERMISSIONS', null, null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
if ($_POST['revoke'] == true && ($_POST['user'] != 'u' || ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm' || $_POST['user'] == null))) {
  throw new \Exception("Cannot revoke access without proper format", 1);
}

$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");


**//BELOW THIS IS THE SECOND CONDITION THAT FAILS IF THE FIRST CONDITION IS IMPLEMENTED, AND WORKS FINE IF ITS LEFT OUT**
if ($cue === $_POST['token'] || $cue === $_SESSION['apiauth'] || $pass) {
  if ($_POST['type'] == 'r') {


    chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/a/dir/path');
    if ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm') {
      $cue = fopen($_POST['dataName'].".data", "w");
      fwrite($cue, '**'.$_POST['user'].'**');
      fclose($cue);
    }elseif ($_POST['user'] == 'u') {
      $d = file_get_contents($_POST['dataName'].".secure");

      if ($d == '**a**' || $d == '**e**' || $d == '**m**') {
        $cue = fopen($_POST['dataName'].".data", "w");
        fwrite($cue, '');
        fclose($cue);
      }
      if ($_POST['revoke'] == true) {
        $writein = str_replace($_POST['name']."||","",file_get_contents($_POST['dataName'].".secure"));
        $cue = fopen($_POST['dataName'].".data", "w");
        fwrite($cue, $writein);
        fclose($cue);
      }else {
        if (strpos(file_get_contents($_POST['dataName'].".secure"), $_POST['name']) !== false) {
          // throw new \Exception("User already exists in permission slot", 1);
        }else{
        $cue = fopen($_POST['dataName'].".data", "a");
        fwrite($cue, $_POST['name'].'||');
        fclose($cue);
      }
      }

    }else {
      throw new \Exception("Invalid parameter.", 1);
    }


  }
}else {
  addLog($fn,'Permission changed was blocked due to incorrect token', 'DATABASE-PERMISSIONS', 'danger', null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
  throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}

?>

Answer 1

从手册上

返回从文件中读取的字节数。如果发生错误，则返回FALSE，除非函数被调用为@readfile()，否则将打印错误消息。

你在这条线上做了一个弱的比较

if (readfile($filedir) == 0) {

}

如果调用失败，false == 0将计算为true，因为int值将计算为false。false == false是真的。因此，使用严格的比较运算符===，并试图找出调用失败的原因。

if (readfile($filedir) === 0) {

}

如果调用成功并返回任何内容(但也包括0)，则使用

if (readfile($filedir) !== false) {

}