On 4/17/06, Paolo Alexis Falcone <[EMAIL PROTECTED]> wrote:
TIA
On Monday 17 April 2006 12:21, jan gestre wrote:
> our website, it is actually a jobsite running LAMP on redhat enterprise
> edition currently has some issues, applicants who's currently logged in can
> browse and go to other applicants page by just changing any digit on the
> url. how can i correct these serious issues? by directly editing the php
> codes? enabling mod_rewrite? if by enabling mod_rewrite, how will i enable
> the module without recompiling apache on our redhat box?
> your inputs will be greatly appreciated.
Instead of using HTTP GET, try using the HTTP POST method in your PHP code
when you do form submissions.
--
tried these but with same result, the login code and other functions are all in one page... when a user login, the page calls itself with displaying the user_id of the user in the url. as i have said earlier, when a user changes the id on the url, he is able to change the profile of other user, a friend told me to use SESSION or COOKIES, but when i tried putting a code for the session, applicant users is still able to log in, but with no information displayed. any solutions for these?
TIA
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
