----- Original Message ----- 
From: "Mark Mckee"

Hi all,

I'm having a little trouble with a login script. All works fine, but I can
still access the admin pages with the full URL. Do you have any pointers
on how I can solve this?
-----------------------------

Hello Mark,

You are trying to access a cookie before the server has
the cookie.

elseif ($_COOKIE[user]... refers to the value of the cookie on the user's PC
at the beginning of the page load (the headers, actually), so changing the
value of the cookie on the server does not affect the user's PC once the
headers have been sent.

A PHP setcookie before headers are sent will result in the user's cookie
being set during the header transfer, but the server's $_COOKIE will become
the old value of the cookie from the user's PC during header transfer and not
the value just set.

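<?php
// Values the browser sent with this request (setcookie below does not change them)
$oldcookie['pass']=$_COOKIE['pass'];
$oldcookie['user']=$_COOKIE['user'];
// Values the browser will send back on its next request
$newcookie['pass']=md5($password);
$newcookie['user']=md5($user);
setcookie("pass", $newcookie['pass'], $time+3200);
setcookie("user", $newcookie['user'], $time+3200);
....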

Also not good to use variable names such as $password and $user as it makes
it easier for hackers.

Another problem is "else { $login_error= true; }"; this makes mistakes too
easy. Better to do it this way.

// Start in the error state; clear it only when every check passes
$login_error=TRUE;
if (isset($_POST['user']) && isset($_POST['password']) &&
$_POST['user']==$mypersonalusername &&
$_POST['password']==$mypersonalpassword)
   {$login_error=FALSE;}

Thanks, Rob.
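
Added example, not part of the original thread: a guard that every admin page runs first, so a request for the page by its full URL is refused unless a login has already succeeded. It swaps the cookie values discussed above for a server-side session, which can be read in the same request that sets it; the file name admin_guard.php, the function names, login.php and the stored user/hash parameters are assumptions.

```php
<?php
// admin_guard.php (hypothetical file name): example code, not from the thread.
declare(strict_types=1);

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();               // must run before any output is sent
    }
}

// Fail closed, as in the reply above: the result is false unless every check passes.
function check_login(array $post, string $storedUser, string $storedHash): bool
{
    $ok = false;
    if (isset($post['user'], $post['password'])
        && is_string($post['user']) && is_string($post['password'])
        && hash_equals($storedUser, $post['user'])
        && password_verify($post['password'], $storedHash)) {
        $ok = true;
    }
    return $ok;
}

// Called by the login form handler. $storedHash is assumed to come from password_hash().
function login(array $post, string $storedUser, string $storedHash): bool
{
    ensure_session();
    if (!check_login($post, $storedUser, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);       // fresh session id once the user is authenticated
    $_SESSION['admin'] = true;         // server-side state, visible immediately,
                                       // unlike $_COOKIE after setcookie()
    return true;
}

// Called at the top of every admin page, before any output.
function require_admin(): void
{
    ensure_session();
    if (($_SESSION['admin'] ?? false) !== true) {
        header('Location: login.php'); // hypothetical login page
        exit;                          // without exit the admin page would still render
    }
}
```

Each admin page would start with `require 'admin_guard.php'; require_admin();` so the check runs no matter how the URL was reached.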










