I think that this depends on the GPC setting. If GET comes first and then cookie, I think
there is no problem, because $allowed from GET will be overwritten by the session variable,
which is read from the session_892147jshfjksahfdjk8978 file because
$PHPSESSID==892147jshfjksahfdjk8978. But it is better to use $HTTP_SESSION_VARS, or
whatever the name of the array with registered variables was. Also, for GET or POST
variables, use $HTTP_GET_VARS and $HTTP_POST_VARS.

Andrey Hristov
IcyGEN Corporation
http://www.icygen.com

----- Original Message -----
From: "Sheridan Saint-Michel" <[EMAIL PROTECTED]>
To: "Gert Mellak" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, August 27, 2001 9:27 PM
Subject: Re: [PHP] Re: authentication


> It seems like there would be several problems with doing it this way.
> The most obvious is what happens when someone types in
> http://www.yoursite.com/protected.php?allowed=true
>
> In addition to that, how can you tell who is viewing the page?
> With this setup everyone passes an identical set of info to the server.
>
> I would suggest, instead, passing their username and some sort of
> simple session id ( could be as simple as md5(time()); ) variable and
> comparing these against stored values in a DB.
>
> I have examples of this here:
> Main Script - http://www.zend.com/codex.php?id=393&single=1
> Header File - http://www.zend.com/codex.php?id=397&single=1
>
> Sheridan Saint-Michel
> Website Administrator
> FoxJet, an ITW Company
> www.foxjet.com
>
> ----- Original Message -----
> From: "Gert Mellak" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 27, 2001 1:06 PM
> Subject: [PHP] Re: authentication
>
>
> > hi!
> >
> > I always solve this problem with sessions... when a user does the login, I have
> >
> > session_start();
> > session_register("allowed");
> > $allowed = true;
> >
> > and on the top of all the other sites, where just "special" users are
> > allowed to go in, there is a
> >
> > include ("checkAllowed.php");
> >
> > checkAllowed.php just contains:
> > if (!$allowed)
> >   die ("Access denied");
> >
> > I hope I could help you... if so - or if you have got questions, please feel
> > free to email me!
> >
> > yours,
> >
> > gert mellak
> > ==================
> > eMail: [EMAIL PROTECTED]
> > http://www.mellak.com
> >
> >
> >
> >
> > Wilbert Enserink <[EMAIL PROTECTED]> wrote in message:
> > 006601c12ef5$aff7c380$[EMAIL PROTECTED]
> > Hi all,
> >
> >
> > Can anybody help me with this authentication problem?
> >
> > Clients can log in using an html form on my site. When they log in, their
> > username and password are checked in a mysql database. Then they are
> > forwarded to a url, a directory on my site also coming from the db. This
> > directory should not be public of course, so I did a chmod 744 on the clients
> > directory.
> >
> > Does anybody have any ideas? I prefer not to use the standard window popup thing
> > for authentication.
> > I checked the php manual, but there is not much info on plain html forms on
> > the subject, or maybe it is my English...:-)
> >
> >
> >
> > Regards, Wilbert
> >
> > -------------------------
> > Pas de Deux
> > Van Mierisstraat 25
> > 2526 NM Den Haag
> > tel 070 4450855
> > fax 070 4450852
> > http://www.pdd.nl
> > [EMAIL PROTECTED]
> > -------------------------
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]



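The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified model of PHP 4's register_globals import order (the GPC setting) and session restore, comparing the posted checkAllowed.php check with one that reads only the session array. The function names and sample requests are constructed for illustration, and the model assumes session restore happens after the request variables are imported.

```php
<?php
// Simplified model of PHP 4 register_globals (removed in PHP 5.4); runs on current PHP.
// Request sources are imported into one scope in variables_order; later sources
// overwrite earlier ones. session_start() then restores only the registered variables.

function import_globals(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $scope = [];
    foreach (str_split($order) as $letter) {
        $scope = array_merge($scope, $sources[$letter] ?? []);
    }
    return $scope;
}

function restore_session(array $scope, array $sessionVars): array
{
    // Only names registered in the session are restored; other globals are left alone.
    return array_merge($scope, $sessionVars);
}

// checkAllowed.php as posted: trusts whatever ended up in the global $allowed.
function legacy_check(array $scope): bool
{
    return !empty($scope['allowed']);
}

// Check that reads the session array only (the role of $HTTP_SESSION_VARS in the thread).
function session_only_check(array $sessionVars): bool
{
    return isset($sessionVars['allowed']) && $sessionVars['allowed'] === true;
}

// Constructed cases: both requests carry ?allowed=true in the query string.
$cases = [
    'session has allowed=false registered'   => ['allowed' => false],
    'no "allowed" registered in the session' => [],
];

foreach ($cases as $label => $session) {
    $scope = import_globals('GPC', ['allowed' => 'true'], [], []);
    $scope = restore_session($scope, $session);
    printf("%-40s legacy=%s  session-only=%s\n", $label,
        var_export(legacy_check($scope), true),
        var_export(session_only_check($session), true));
}
```

In the first case the session value overwrites the GET value, so both checks deny access; in the second nothing overwrites it, so only the session-only check denies.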