I’ve downloaded such script: $QUERY_STRING=login; if (file_exists(passwd.dat) && $QUERY_STRING != ): require (passwd.dat); if

Question

0

Asked: June 1, 20262026-06-01T01:18:25+00:00 2026-06-01T01:18:25+00:00

I’ve downloaded such script: $QUERY_STRING=login; if (file_exists(passwd.dat) && $QUERY_STRING != ): require (passwd.dat); if

0

I’ve downloaded such script:

$QUERY_STRING="login";

if (file_exists("passwd.dat") && $QUERY_STRING != ""):
     require ("passwd.dat");
     if (!isset($alogin) || md5($pass) != $Password[$alogin] || !isset($Password[$alogin])):
          $logined = 0;
          //$error = "Неверный логин или пароль!<br>";
          setcookie("alogin","",0);
          setcookie("pass","",0);
     else:
          $logined = 1;
          setcookie("alogin",$alogin,time()+60*60*24*30*12);
          setcookie("pass",$pass,time()+60*60*24*30*12);
     endif;
endif;
?>

and it works just fine on remote server, but doesn’t work on local one. As I figured out, on remote machine $_POST/$_COOKIE arrays are “unpacked” to just variables, e.g. if $_POST[‘abc’] is defined you can access it via $abc. What mechanism is it? Just don’t know where to look…

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T01:18:26+00:00

Editorial Team

2026-06-01T01:18:26+00:00Added an answer on June 1, 2026 at 1:18 am

This setting is called register_globals and you should never, ever use it. You should instead modify the script so that it accesses $_POST['abc'] directly, which is the correct way.

If the script is long and/or complicated, then simply accept the fact that it is crap and find a better one.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve downloaded such script: $QUERY_STRING=login; if (file_exists(passwd.dat) && $QUERY_STRING != ): require (passwd.dat); if

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply