RE: [PHP] Re: Question about using session and "logging out"
I think the method Kevin mentioned is the best. In other words, on every secure page you have a script that checks if a session is registered. If it is, it lets you go through and execute the rest of the script; if not, it simply tells you to log in, that's it. Very simple; if interested, I can show an example.

Vlad

-----Original Message-----
From: Stanislav Skrypnik [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 17, 2003 7:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: Question about using session and "logging out"

Hi Kevin,

I don't well understand this part:

> if active session {
> // validate privs for this page

Can you give a small example?

TIA,
Stas

"Kevin Stone" <[EMAIL PROTECTED]> wrote in message
news:019501c2be78$4ad0dc30$6601a8c0@kevin...
> Don,
>
> The only method that I have discovered to protect the login against the
> back-button is to validate the session at the top of each and every
> protected page. Forgive the pseudo code..
>
> if active session {
> // validate privs for this page
> // session start
> }else{
> // logout
> }
> ?>
>
> When the back button is pressed it goes through this process, sees that
> there is no active session, goes to else and shunts back to the login
> screen.
>
> Hope that helps,
> Kevin
>
> ----- Original Message -----
> From: "Bobby Patel" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 17, 2003 3:26 PM
> Subject: [PHP] Re: Question about using session and "logging out"
>
>
> > I believe there is something (a meta tag?) called meta-refresh or just
> > refresh.
> >
> > But I believe you have to set the refresh interval. and if you set the
> > interval too small it might eat your server's resources.
> >
> > OR I just thought of this, sometimes when you get to a page (usually with
> > forms?) it says that the page is expired and must be refreshed. Maybe you
> > can get that behaviour, so that when someone hits back, they have to
> > refresh.
> >
> > Bobby
> >
> > "Don" <[EMAIL PROTECTED]> wrote in message
> > news:020401c2be4f$c5420fd0$c889cdcd@enterprise...
> > Hi,
> >
> > I have an application that uses sessions to allow customers to access a
> > restricted area. That is, they are prompted for a user login and password.
> > I then use sessions to track each customer. At the top of each page, I have
> > placed the following PHP code:
> >
> > session_cache_limiter('Cache-control: private');
> > session_start();
> >
> > Everything works fine. However, I have a logout link that when clicked,
> > runs the following PHP code (where userid is the login name):
> >
> > session_cache_limiter('nocache');
> > if (isset($HTTP_SESSION_VARS['userid'])) {
> >     $HTTP_SESSION_VARS['userid'] = '';
> >     session_unregister($HTTP_SESSION_VARS['userid']);
> > }
> > session_unset();
> > session_destroy();
> > Header('Location: ' . 'http://www.lclnav.com' . $globals->relative_path .
> > 'customerlogin_standard.html');
> >
> > I think the above is all that is needed to end the session. I use the
> > Header() function to take the user back to the login page.
> >
> > Here is my question: Once I click on the "logout" link and am taken back to
> > the main login page, I can click on the browser BACK button and still get my
> > previous page 'as if I was still logged in'. Please note that clicking on
> > REFRESH tells me that I am not really logged in.
> >
> > I know that browsers cache pages and there may not be anything I can do,
> > however, I have seen sites that seem to work around this; i.e., clicking on
> > the back button loads a page telling the user that they are no longer
> > logged in. This is what I want to emulate. Is there a PHP method to always
> > force a reload the first time a page is called?
> >
> > Thanks,
> > Don
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
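The per-page check described in this thread, together with the two other pieces the back-button problem needs: response headers that stop the browser from storing protected pages, and a logout that removes the session on both sides. This is an added example, not code from any poster in the thread; the session key `userid` is the one used in Don's message, while `require_login()`, `logout()` and `LOGIN_URL` are hypothetical names.

```php
<?php
// Added example. require_login(), logout() and LOGIN_URL are hypothetical
// names; 'userid' is the session key used in the thread.
const LOGIN_URL = '/login.php';

// Call at the very top of every protected page, before any output.
function require_login(): string
{
    session_cache_limiter('');   // PHP sends no cache headers; we set our own
    session_start();

    // Forbid the browser and proxies from keeping a copy, so the Back
    // button has to re-request the page and runs this check again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (!isset($_SESSION['userid']) || $_SESSION['userid'] === '') {
        header('Location: ' . LOGIN_URL, true, 303);
        exit;                    // never fall through to the page content
    }
    return (string) $_SESSION['userid'];
}

// Call from the logout link.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];              // drop the data held for this request

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();           // delete the server-side session record

    header('Cache-Control: no-store');
    header('Location: ' . LOGIN_URL, true, 303);
    exit;
}
```

A protected page would include this file and begin with `$userid = require_login();`. Pages the browser cached before the headers were in place can still be shown from its cache until they expire.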
[PHP] cyrillics
Hi,

I just created a forum and now beta-testing it, I am having problems submitting entries written in cyrillics. It sort of recognizes cyrillics in but recodes it so that it makes it unreadable, while in it doesn't recognize cyrillics at all and acts as though no input has been made.

If someone has had similar problems, please help.

Thanks,
Vlad
[PHP] Cyrillic & MySql issue
Hi guys,

I am working on a multilingual web site (English and Ukrainian); so far, I was working on English part and now time to work on Ukrainian. The problem I ran into was that if I submit information to Mysql database something written in cyrillic, I can't get it to display properly when I try to take that info from database at a later time.

One person told me I have to recompile mysql, another said that I have to change the column type (now it's 'longtext')

If anyone knows how to help me, please let me know,

Thanks,
Vladislav Kulchitski
http://vladik.tripod.com
[PHP] Microsoft Word & PHP
Hi,

Can anybody help me with this problem? Basically, I have thousands of MS Word documents. What I need to do is to design an interface that will let you submit more of them into the database, and it should index all these documents, like extract keywords. Is this possible at all via PHP? Also it should index or like re-index existing docs.

I would be grateful for some advice or tutorial that does that.

Thank you,
Vlad
http://vladik.tripod.com
[PHP] Registration Form
Hi,

I am using registration form with a number of different steps. And if, for instance, the user wants to come back to correct something, I am using the back img button with the link: javascript:history.back(1)

I am wondering how many people are actually using the way I do, and if it's reliable at all or not, I mean whether there are browsers that wouldn't support returning back and keep the information in the fields.

Advice would be greatly appreciated,

Thanks,
Vlad

p.s. probably the best way is to use sessions(?), but I am carrying values through the steps via
[PHP] sessions protection
Hi,

can anyone advise about another issue that occurred to me. Basically, let's say the cracker knows that in my application I create a session variable named "auth_user" for valid users. Is there a way to hack into it if he knows this session variable name?

Example:

    if ($action == 'edit_personalinformation_update') {
        if (!session_is_registered("auth_user")) {
            stop_unauthorized(); // defined function that prints an error message
            return;
        }
        //SECURE OPERATIONS
    }
RE: [PHP] Global variable
The best way for this is to use sessions. What you do is you check the identity and if it's valid you create a session with name 'validuser' or whatever the name you want. Then any secure operations/actions along the script you'll check for this session name if it exists.

I can demonstrate how I did this on my application.

Vlad

-----Original Message-----
From: Erich Kolb [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 4:07 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Global variable

I have developed a simple login script. Right now it will check a submitted username and password and verify it against a database. This part works fairly well, however I want to know how to assign a variable that will pass through to the next page(s) to do something like:

if verified == 1 then {display the page} else {display error message}

My apologies on the syntax of the above, but hopefully you will get the idea.
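How the session flag asked about in "sessions protection" and described in the "Global variable" reply gets set, as an added example that is not code from either poster. Values in `$_SESSION` are stored on the server and the browser holds only the session ID, so the example concentrates on the ID and on the moment of login; `start_secure_session()`, `login()`, `is_authenticated()` and the one-user table are constructed for illustration, and `auth_user` is the name from the earlier post.

```php
<?php
// Added example; the three functions and $users are hypothetical.
// Constructed account table: username => password hash (normally a DB row).
$users = ['demo' => password_hash('correct horse', PASSWORD_DEFAULT)];

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'httponly' => true,                    // cookie not readable by page scripts
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Check the credentials and, only on success, mark the session as logged in.
function login(array $users, string $name, string $password): bool
{
    start_secure_session();
    $hash = $users[$name] ?? '';               // unknown user: verify fails below
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Issue a new ID at the privilege change, so an ID that was known or
    // planted before login is useless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['auth_user'] = $name;            // written by server code only
    return true;
}

// The check to run before every secure operation.
function is_authenticated(): bool
{
    start_secure_session();
    return isset($_SESSION['auth_user']) && is_string($_SESSION['auth_user']);
}
```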
[PHP] (MySql) INSERTing into MULTIPLE tables
Hi,

I was wondering if the way I am inserting into multiple tables is safe as far as when there are many simultaneous insertions at a given time. Basically, there are two tables, first I insert into main table where there's username and password (and first/last name, email) and then I get the auto_number from that table for the record and insert that auto_number along with more info into secondary table with more info about the user.

    $query4accounts="insert into accounts (username, password, fname, lname, email)
        values ('$username', password('$password'), '$fname_eng', '$lname_eng', '$email')";
    $result=mysql_query($query4accounts) or die ("ERROR");

    $getid=mysql_query("select * from accounts where username='$username'");
    $tmp=mysql_fetch_array($getid);
    $userid=$tmp['userid'];

    $query4gallery="insert into talkroom_gallery (userid, talkroom_active, sex, about_eng,
        livenow_eng, photograph, emailnopublic, homepage, icq, msn, aim, yahoo)
        values ('$userid', '$talkroom_active_variable', '$sex', '$about_eng', '$livenow_eng',
        '$photograph', '$nopublic', '$homepage', '$icq', '$msn', '$aim', '$yahoo')";
    mysql_query($query4gallery) or die ("ERROR");

Thanks in advance for feedback and possible alternatives.

Vlad
http://vladik.tripod.com
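The two-table insert from the message above written with PDO, as an added example that is not the poster's code. Prepared statements keep the form values out of the SQL text, `lastInsertId()` returns the key generated on this connection so simultaneous registrations cannot pick up each other's row, and a transaction makes the pair of inserts all-or-nothing. Assumptions: an in-memory SQLite database stands in for MySQL, the column set is reduced, `register_user()` is a hypothetical name, and `password_hash()` replaces the MySQL `password()` call.

```php
<?php
// Added example; register_user() and the reduced schema are hypothetical.
// In-memory SQLite stands in for MySQL so the script runs on its own.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (
    userid INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE, password TEXT NOT NULL, email TEXT NOT NULL)');
$pdo->exec('CREATE TABLE talkroom_gallery (
    userid INTEGER NOT NULL REFERENCES accounts(userid),
    sex TEXT, homepage TEXT)');

function register_user(PDO $pdo, array $account, array $profile): int
{
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO accounts (username, password, email)
             VALUES (:username, :password, :email)');
        $stmt->execute([
            ':username' => $account['username'],
            ':password' => password_hash($account['password'], PASSWORD_DEFAULT),
            ':email'    => $account['email'],
        ]);
        // Key generated by this connection's own insert; there is no second
        // SELECT by username, so concurrent inserts cannot be confused.
        $userid = (int) $pdo->lastInsertId();

        $stmt = $pdo->prepare(
            'INSERT INTO talkroom_gallery (userid, sex, homepage)
             VALUES (:userid, :sex, :homepage)');
        $stmt->execute([
            ':userid'   => $userid,
            ':sex'      => $profile['sex'],
            ':homepage' => $profile['homepage'],
        ]);
        $pdo->commit();
        return $userid;
    } catch (Throwable $e) {
        $pdo->rollBack();        // no half-created account is left behind
        throw $e;
    }
}

// Constructed sample input; the quote in the name would break string-built SQL.
$id = register_user($pdo,
    ['username' => "o'brien", 'password' => 'example-only', 'email' => 'ob@example.test'],
    ['sex' => 'm', 'homepage' => 'http://example.test/']);
echo "created userid $id\n";
```

On MySQL the tables must use a transactional storage engine such as InnoDB for the rollback to have any effect.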
[PHP] HTML & JS
Hi,

I was wondering if anyone can answer my question :) it's more HTML related though, but I'll dare to post it here and apologize in advance if I am going against the rules.

The issue is, if I am using the following code:

25 10 50 100

The problem I am having is that when I get rid of '' it gives the formatting like I needed, and with '' it increases the CELL where I am using this SELECT, like it is like having "", i.e. it's maximizing the height. When I get rid of the whole thing doesn't show in NETSCAPE but does show and work fine in IE 5-6.0

Also can someone help with JS for this option... like as soon as you selected something the page will go loading without having to click SUBMIT.

Thanks a lot.
Vlad
RE: [PHP] Dealing with Query String
Privit Maxim,

I understand your approach... i.e. I can hardcode it in the links, but what if I will add more variables in a query string... note in the query string there are variables that are not really related to the operation with the table, rather language ($lang=), page ($page=)... for now I guess I will wind up doing it HARD-CODED way...

Thanks,
Vlad

p.s. if anyone knows how to solve my problems, let me know... I think the function that would be suitable is parse_str() less suitable but still doable would be explode()...

p.p.s. for MAXIM: I am doing it with languages switching as you can see on the top of the template.. I am using explode()

-----Original Message-----
From: Maxim Maletsky [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 09, 2002 10:04 PM
To: Vladislav Kulchitski; [EMAIL PROTECTED]
Subject: RE: [PHP] Dealing with Query String

In your PHP:

On every click collect two variables: $by and $order

then, call for this query:

Select field from table where this=that order by $by $order;

Make sure both variables have their default values in case there was nothing selected. You don't really need a function for this, just a few variables preset before calling mySQL.

Do pobachennya,

Maxim Maletsky
Founder, Chief Developer
PHPBeginner.com (Where PHP Begins)
[EMAIL PROTECTED]
www.phpbeginner.com

> -----Original Message-----
> From: Vladislav Kulchitski [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 10, 2002 3:49 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Dealing with Query String
>
>
> Hi,
>
> I need some help with query string. Basically what I am doing is I am
> sorting my table, much like you sort columns in OUTLOOK EXPRESS for
> instance with a little arrow...
>
> http://www.kulchitski.com/btl/btl.php?lang=eng&page=talkroom_show&sort=sex
>
> So all I need a function that will grab this query and will change sort=
> and another new variable (desc/asc) and will return the same string but
> with new values for certain variables... I ran across some function like
> this before when I didn't need it, but just now when I need it badly -
> can't seem to be able to find it. Hope someone out there can help.
>
> Thank you much.
> Vlad
[PHP] Dealing with Query String
Hi,

I need some help with query string. Basically what I am doing is I am sorting my table, much like you sort columns in OUTLOOK EXPRESS for instance with a little arrow...

http://www.kulchitski.com/btl/btl.php?lang=eng&page=talkroom_show&sort=sex

So all I need a function that will grab this query and will change sort= and another new variable (desc/asc) and will return the same string but with new values for certain variables... I ran across some function like this before when I didn't need it, but just now when I need it badly - can't seem to be able to find it. Hope someone out there can help.

Thank you much.
Vlad
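A function of the kind asked for in the two "Dealing with Query String" messages, as an added example that is not code from either poster. It rewrites `sort` and a direction parameter while leaving `lang`, `page` and anything else in the query string untouched, and it passes both values through allow-lists before they reach `ORDER BY`, where bound parameters cannot be used. The `dir` parameter name, the column list and both function names are assumptions.

```php
<?php
// Added example; sort_link(), order_by_clause(), the 'dir' parameter and
// the column allow-list are hypothetical.
const SORTABLE = ['username', 'sex', 'homepage'];  // columns a visitor may sort by

// Return the given query string with sort/dir replaced and every other
// parameter (lang, page, ...) preserved.
function sort_link(string $queryString, string $column): string
{
    parse_str($queryString, $params);
    // Clicking the column that is already sorted ascending flips it.
    $flip = ($params['sort'] ?? '') === $column
         && ($params['dir'] ?? 'asc') === 'asc';
    $params['sort'] = $column;
    $params['dir']  = $flip ? 'desc' : 'asc';
    return http_build_query($params);              // URL-encodes every value
}

// Build the ORDER BY fragment from allow-listed values only; the raw
// request input is compared, never copied into the SQL text.
function order_by_clause(array $params): string
{
    $sort = $params['sort'] ?? '';
    $dir  = $params['dir'] ?? '';
    $column    = in_array($sort, SORTABLE, true) ? $sort : SORTABLE[0];
    $direction = $dir === 'desc' ? 'DESC' : 'ASC';
    return "ORDER BY $column $direction";
}

// Constructed inputs: the query string from the post, then a request whose
// values are not on the allow-lists and therefore fall back to the defaults.
echo sort_link('lang=eng&page=talkroom_show&sort=sex', 'sex'), "\n";
echo order_by_clause(['sort' => 'sex', 'dir' => 'desc']), "\n";
echo order_by_clause(['sort' => 'sex, password', 'dir' => 'sideways']), "\n";
```

When the returned query string is written into an HTML link, pass it through `htmlspecialchars()` first.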
RE: [PHP] Reliability of sessions
But what you can do with you can make an array of things... so you will only have one

How do you pass session IDs via strings? Can you describe in a few words please?

Vlad
Kulchitski.com

-----Original Message-----
From: Thomas Deliduka [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 4:54 PM
To: PHP List
Subject: Re: [PHP] Reliability of sessions

On 4/4/02 4:46 PM this was written:

> I am not sure about the reliability of sessions, but the way I do it is
> also through several processes, and the information passed via <input
> type=hidden name=name value=$name> I can demonstrate it if you want.

That's what I was wanting to avoid. That's a lot of hidden fields. Not to mention if you have to add to the first step, you need to modify all the others.

> Even though sessions are more handy, I still don't know what happens if
> cookies are disabled in the client's browser.

I pass the session ID in the URL on every page so whether or not cookies are set, the session stays intact.

I'm thinking that I solved my old problem and I'm going to do it in the database and pass the order number. That's probably the best way. I only have to provide for order clean-up for those that started the process and decided not to check out.

--
Thomas Deliduka
IT Manager - New Eve Media
The Solution To Your Internet Angst
http://www.neweve.com/
RE: [PHP] Reliability of sessions
I am not sure about the reliability of sessions, but the way I do it is also through several processes, and the information passed via <input type=hidden name=name value=$name>

I can demonstrate it if you want.

Even though sessions are more handy, I still don't know what happens if cookies are disabled in the client's browser.

Vlad

-----Original Message-----
From: Thomas Deliduka [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 4:40 PM
To: PHP List
Subject: [PHP] Reliability of sessions

I have a quick question for a veteran of sessions out there.

We're building a shopping cart and I'm playing with the idea of keeping the checkout information such as Shipping and billing address in a session variable until I retrieve it at checkout.

The checkout is a step process: Shipping info -> billing info -> confirmation -> final.

At shipping and billing the information would be stored in a session variable. To be retrieved at confirmation, etc. (cc information would be encrypted before storing in the session var.)

Otherwise I could possibly create the order starting with shipping info in the database and merely pass the order number that is assigned to them.

What is the opinion, are sessions reliable enough to go through the step process?

--
Thomas Deliduka
IT Manager - New Eve Media
The Solution To Your Internet Angst
http://www.neweve.com/
RE: [PHP]
I meant to say 'open source OR tutorial' instead of 'open source of tutorial'

Sorry

-----Original Message-----
From: Vladislav Kulchitski
Sent: Thursday, April 04, 2002 12:14 PM
To: [EMAIL PROTECTED]
Subject: [PHP]

Hi,

Can anyone point out the simplest and shall I say the primitive search engine script on the NET somewhere (i.e. open source of tutorial)

I need an engine that will serve table in mysql database with three fields, ULRid, URLdescription, URLcategory.

Functionality needed is to search through the table, sort by category, and stuff. I'd rather say directory structure instead of search engine, much like yahoo or dmoz open source.

Thanks,
Vlad
kulchitski.com
[PHP]
Hi,

Can anyone point out the simplest and shall I say the primitive search engine script on the NET somewhere (i.e. open source of tutorial)

I need an engine that will serve table in mysql database with three fields, ULRid, URLdescription, URLcategory.

Functionality needed is to search through the table, sort by category, and stuff. I'd rather say directory structure instead of search engine, much like yahoo or dmoz open source.

Thanks,
Vlad
kulchitski.com