On Monday 17 April 2006 14:41, jan gestre wrote: > On 4/17/06, Paolo Alexis Falcone <[EMAIL PROTECTED]> wrote: > > On Monday 17 April 2006 12:21, jan gestre wrote: > > > our website, it is actually a jobsite running LAMP on redhat enterprise > > > edition currently has some issues, applicants who's currently logged in > > > > can > > > > > browse and go to other applicants page by just changing any digit on > > > the url. how can i correct these serious issues? by directly editing > > > the php codes? enabling mod_rewrite? if by enabling mod_rewrite, how > > > will i > > > > enable > > > > > the module without recompiling apache on our redhat box? > > > your inputs will be greatly appreciated. > > > > Instead of using HTTP GET, try using the HTTP POST method in your PHP > > code when you do form submissions. > > > > -- > > tried these but with same result, the login code and other functions are > > all in one page... when a user login, the page calls itself with > > displaying the user_id of the user in the url. as i have said earlier, > > when a user changes the id on the url, he is able to change the profile > > of other user, a friend told me to use SESSION or COOKIES, but when i > > tried putting a code for the session, applicant users is still able to > > log in, but with no information displayed. any solutions for these?
If you're still seeing your variables in the URL, you're still using HTTP GET. -- Paolo Alexis Falcone [EMAIL PROTECTED]
pgp96OGMtjOit.pgp
Description: PGP signature
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
