php-general Digest 20 Jul 2008 13:07:44 -0000 Issue 5579
Topics (messages 277113 through 277121):
Re: OpenID
277113 by: Colin Guthrie
Re: very very small CMS
277114 by: tedd
277115 by: Bastien Koert
277116 by: tedd
277117 by: Robert Cummings
277118 by: tedd
277119 by: Robert Cummings
277121 by: Bastien Koert
Re: session ok?
277120 by: Nathan Nobbe
----------------------------------------------------------------------
--- Begin Message ---
Bipin Upadhyay wrote:
Clamshell -- http://wiki.guruj.net/Clamshell!Home
Also:
http://siege.org/projects/phpMyID/
Col
--- End Message ---
--- Begin Message ---
At 5:24 PM -0400 7/19/08, Robert Cummings wrote:
> Wasn't it just placeholder data? It looked like latin.
>
> Cheers,
> Rob.

Rob:
Yes, it was placeholder data. It was --
http://www.lipsum.com/
-- data with images and titles and such. It was designed to look like
a normal web page.
However, what you did was replace everything. Fortunately, you didn't
replace it with evil code. :-)
I was hoping for discussion rather than a surprise. But, no harm done.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Sat, Jul 19, 2008 at 8:37 PM, tedd <[EMAIL PROTECTED]> wrote:
> At 5:24 PM -0400 7/19/08, Robert Cummings wrote:
>
>> Wasn't it just placeholder data? It looked like latin.
>>
>> Cheers,
>> Rob.
>>
>
> Rob:
>
> Yes, it was placeholder data. It was --
>
> http://www.lipsum.com/
>
> -- data with images and titles and such. It was designed to look like a
> normal web page.
>
> However, what you did was replace everything. Fortunately, you didn't
> replace it with evil code. :-)
>
> I was hoping for discussion rather than a surprise. But, no harm done.
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
my firefox is not happy finding the site..IE and Opera are both good with
it...Dunno if this is my problem or something funky in the site?
--
Bastien
Cat, the other other white meat
--- End Message ---
--- Begin Message ---
At 8:42 PM -0400 7/19/08, Bastien Koert wrote:
> my firefox is not happy finding the site..IE and Opera are both good
> with it...Dunno if this is my problem or something funky in the site?
> --
> Bastien

Bastien:
Which site?
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Sat, 2008-07-19 at 17:17 -0400, tedd wrote:
> At 4:38 PM -0400 7/19/08, Robert Cummings wrote:
> >On Sat, 2008-07-19 at 16:31 -0400, tedd wrote:
> > > No problem -- I had the data backed-up anyway. I figured that someone
> >> would do what you did and I was ready for it -- it was easy enough to
> > > fix.
>
> -snip-
>
> >What do you mean backed up? I just replaced the filler data on the page
> >with some filler JavaScript that basically did the following:
> >
> ><script>document.body.innerHTML = 'Rob was here';</script>
> >
> >I didn't do anything to your server files. It was easily remedied by
> >loading the page with JavaScript disabled.
> >
> >I hope you didn't think I tainted your filesystem. I wouldn't do that
> >even as a joke.
>
> Well, that's not what happened. All the data shown here --
>
> http://www.webbytedd.com/a/easy-page-db/
>
> -- is pulled directly from my database.
I see you now only use the POSTed data to display the destination page.
But you don't actually save it to the database. Nice try with "Scubby"
btw ;) Not sure if you've ever heard of Tor.
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
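
The replacement Rob describes works because submitted content is written back into the page as markup. An added example (not code from the thread or from tedd's site) of escaping stored content on output; the helper names and the `$row` array standing in for a database row are assumptions:

```php
<?php
// Added example: hypothetical rendering helpers, not tedd's code.

// Escape stored text for an HTML body or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one editable block. $row stands in for a database row (constructed).
function render_block(array $row): string
{
    return '<h2>' . e($row['title']) . "</h2>\n"
         . '<p>' . nl2br(e($row['body'])) . "</p>\n";
}

// Constructed row holding the script from Rob's message as submitted content.
$row = [
    'title' => 'Lorem ipsum',
    'body'  => "<script>document.body.innerHTML = 'Rob was here';</script>",
];

// Unescaped form (what allows the replacement): echo $row['body'];
// Escaped form: the markup is displayed as text and never executes.
echo render_block($row);
```

Escaping at output time covers content already stored as well as new submissions; a login, as tedd proposes later in the thread, limits who can submit but does not change how the stored text is rendered.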
--- Begin Message ---
At 10:08 PM -0400 7/19/08, Robert Cummings wrote:
> I see you now only use the POSTed data to display the destination page.
> But you don't actually save it to the database. Nice try with "Scubby"
> btw ;) Not sure if you've ever heard of Tor.
>
> Cheers,
> Rob.

Rob:
I knew as soon as I put in "Scubby", you would find a way around it. :-)
No, I don't save anything to the dB anymore. Like I said, next time
I'll put in a login and ask people not to change stuff too much --
after all, the end-user should be someone who wants his web site to
look good instead of something else.
No, I never heard of "Tor" -- what's that?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Sat, 2008-07-19 at 22:17 -0400, tedd wrote:
> At 10:08 PM -0400 7/19/08, Robert Cummings wrote:
> >I see you now only use the POSTed data to display the destination page.
> >But you don't actually save it to the database. Nice try with "Scubby"
> >btw ;) Not sure if you've ever heard of Tor.
> >
> >Cheers,
> >Rob.
>
>
> Rob:
>
> I knew as soon as I put in "Scubby", you would find a way around it. :-)
>
> No, I don't save anything to the dB anymore. Like I said, next time
> I'll put in a login and ask people not to change stuff too much --
> after all, the end-user should be someone who wants his web site to
> look good instead of something else.
>
> No, I never heard of "Tor" -- what's that?
An anonymous proxy... http://www.torproject.org/
Essentially, I can connect to remote sites and appear to come from an IP
other than my own. Or in the case of Doctor Who, or originally, the
Black Donnellys... it allows me to watch restricted media on broadcast
station websites (such as the BBC or NBC) that do geo-IP filtering :)
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
On Sat, Jul 19, 2008 at 9:28 PM, tedd <[EMAIL PROTECTED]> wrote:
> At 8:42 PM -0400 7/19/08, Bastien Koert wrote:
>
>>
>> my firefox is not happy finding the site..IE and Opera are both good with
>> it...Dunno if this is my problem or something funky in the site?
>>
>> --
>>
>> Bastien
>>
>
> Bastien:
>
> Which site?
>
>
> tedd
>
> --
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
>
http://www.webbytedd.com/a/easy-page-db/
but it looks like it's a gmail issue...not handling the link
correctly..strange
--
Bastien
Cat, the other other white meat
--- End Message ---
--- Begin Message ---
On Sat, Jul 19, 2008 at 3:56 PM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> Nothing like trying to help someone to raise questions for yourself.
>
> Here's the problem:
>
> http://webbytedd.com/b1/simple-session/
>
> This demo seems to work Okay. The user can't go anywhere unless they enter
> 'guest' into the form -- after that, then they can go anywhere they want.
>
> I do this by simply taking a post variable and if its value is 'guest', I
> then set a session variable 'ok' to 1. You can see this in the code, which
> is highlighted at the end of each page.
>
> When the user leaves the script (via the More button in the top left
> corner), they are directed back to my main index page which destroys ALL
> sessions -- or -- so I thought.
>
sanity check, are you doing anything w/ $_SESSION['ok'] or the session at
all on the webbytedd.com homepage? i dont think $_SESSION['ok'] is being
set to 0, nor is the session being destroyed (unless youre doing something
w/ it when building your webbytedd.com homepage).
> Please follow, if a user goes to:
>
> http://webbytedd.com/b1/simple-session/
>
> enters 'guest' travels the site, leaves, and returns -- they are presented
> with another logon page, just like the first time.
if i leave and return, im not redirected. i just get the page i ask for.
for example, if i authenticate by entering 'guest' at the first page. then
close the tab with your site, then open a new window (or tab) and paste in
the url to one of the protected pages, like
http://www.webbytedd.com/b1/simple-session/index2.php
i go right to it, no redirect. because i havent hit any code to destroy the
session, or change the value of $_SESSION['ok'] to 0.
> HOWEVER, if the user clicks any of the other pages (2-4) they are directed
> back to the first page AND the ok session is magically set to 1 !!! I have
> no idea why the session ok is set to 1.
because $_SESSION['ok'] is never set to 0.
> You can see that the session array and post array at the top of the page
> are clearly both empty. But if the user clicks any of the other links the
> session 'ok' is set to 1 !!! Where does that value come from???
>
> Apparently, I am not destroying the session, even though I have tried every
> example shown in the on-line manual -- and nothing works.
with the current auth code i see nothing that would destroy the session
(although im sure youve been through other things as you mentioned). but if
you want to destroy it, i would do something like, session_unset() and then
this bit from the manual (if propagating w/ cookies [which i can see in my
browser so i know thats the case in this example]),
    // If it's desired to kill the session, also delete the session cookie.
    // Note: This will destroy the session, and not just the session data!
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time()-42000, '/');
    }
and anyway, if youve been putting these different things in the block of
code where youre currently setting $_SESSION['ok'] to 0, thats why they
arent working.
as far as this code in the auth file
$ok = isset($_SESSION['ok']) ? $_SESSION['ok'] : 0;
$_SESSION['ok'] is always going to be 1 after they authenticate, so the
block to set $_SESSION['ok'] to 0 and redirect them will never be hit.
if you put something like
<?php
session_start();
$_SESSION['ok'] = 0;
at the top of webbytedd.com, i think it will work the way you expect it to.
and then you can remove the statement in the auth file that sets
$_SESSION['ok'] to 0, because its only ever going to be hit if the user isnt
already authenticated, meaning its not really doing much, but maybe an
initialization in the case where it isnt set (eg. first visit to one of the
protected pages).
-nathan
--- End Message ---
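
The session handling discussed in the message above, as an added example that is not code from the thread or from tedd's demo. The function names are assumptions; the `ok` flag and the `guest` word are the demo's own. The point it shows is that logout has to run on a page the user actually requests, and has to clear the data, the cookie and the server-side session:

```php
<?php
// Added example: hypothetical helpers, not code from the thread.

// Guard for protected pages: only a session that carries ok === 1 passes.
function require_login(string $loginUrl): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (($_SESSION['ok'] ?? 0) !== 1) {
        header('Location: ' . $loginUrl);
        exit;
    }
}

// Login step: the thread's demo accepts the word 'guest' (demo value only).
function login(string $submitted): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!hash_equals('guest', $submitted)) {
        return false;
    }
    session_regenerate_id(true);   // new session id once the user is authenticated
    $_SESSION['ok'] = 1;
    return true;
}

// Logout: must run on a page the user actually hits when leaving.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();           // the session must be open to be destroyed
    }
    $_SESSION = [];                // drop the data for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the cookie with the same path/domain it was set with.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // remove the server-side session data
}
```

Calling `logout()` at the top of the page the "More" button leads to gives the behaviour tedd expected; without it the old cookie still maps to a session where `ok` is 1.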