Re: [PHP] How to open random Flash page with hyperlink?
* Thus wrote Cody Phanekham ([EMAIL PROTECTED]):
Murugesan,
main.php:
?
session_name(mysessionname);
session_start();
if (!$s_authed) // check access
{
// user hasnt been authorised, therefore redirect to login page
This is exactly why register globals is turned off by default now.
This is a major security hole, I can simply put in the url:
http://host/main.php?s_authed=1
And I would be considered authenticated, throughout the site.
Please turn register_globals off and use the $_SESSION variable to
access your session vars.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to open random Flash page with hyperlink?
Curt,
Your absolutely right it is a security hole, however the response was a quick solution
without much thought in regards to the security integrity of the script.
-Original Message-
From: Curt Zirzow [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 August 2003 01:04
To: [EMAIL PROTECTED]
Subject: Re: [PHP] How to open random Flash page with hyperlink?
* Thus wrote Cody Phanekham ([EMAIL PROTECTED]):
Murugesan,
main.php:
?
session_name(mysessionname);
session_start();
if (!$s_authed) // check access
{
// user hasnt been authorised, therefore redirect to login page
This is exactly why register globals is turned off by default now.
This is a major security hole, I can simply put in the url:
http://host/main.php?s_authed=1
And I would be considered authenticated, throughout the site.
Please turn register_globals off and use the $_SESSION variable to
access your session vars.
Curt
--
I used to think I was indecisive, but now I'm not so sure.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
*
This e-mail, including any attachments to it, may contain confidential and/or personal
information.
If you have received this e-mail in error, you must not copy, distribute, or disclose
it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then delete the
original e-mail.
The information contained within this e-mail may be solely the opinion of the sender
and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to Salmat's
anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to open random Flash page with hyperlink?
Murugesan,
Ok lets say you want every user to login before they can access other parts of your
site.
index.php:
?
session_name(mysessionname);
session_start();
session_register(s_authed);
$s_authed = 0; // initialize session flag
if ((!$passwd) || (!$username)) // user hasnt logged in
{
// display login form
...
}
else
{
// retrieve database username and password here
...
// check if they match
if (($db_passwd == $passwd) ($db_username == $username))
{
$s_authed = 1; // user has been authorised
// redirect to real page
echo
script
window.location='main.php'
/script;
}
}
?
main.php:
?
session_name(mysessionname);
session_start();
if (!$s_authed) // check access
{
// user hasnt been authorised, therefore redirect to login page
echo
script
window.location='index.php'
/script;
}
else
{
// display page
...
}
?
if a user tries to access main.php directly without logging in they will be redirected
to index.php
checkout http://www.php.net/manual/en/ref.session.php for more information
-Original Message-
From: murugesan [mailto:[EMAIL PROTECTED]
Sent: Friday, 22 August 2003 20:04
To: Cody Phanekham; [EMAIL PROTECTED]
Subject: Re: [PHP] How to open random Flash page with hyperlink?
Thanks for the message.
Can you please tell me how to do session authentication?.
-murugesan
*
This e-mail, including any attachments to it, may contain confidential and/or personal
information.
If you have received this e-mail in error, you must not copy, distribute, or disclose
it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then delete the
original e-mail.
The information contained within this e-mail may be solely the opinion of the sender
and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to Salmat's
anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to open random Flash page with hyperlink?
Thanks for the information.
In the code you provided
if ((!$passwd) || (!$username)) // user hasnt logged in
{
.
Actually I have implemented this in a separate page.
That is upon sign up of the form in the index page
I call a new page auth.php
In that file
I have done this authentication and called the function
header (Location: /main.php?empid=$empidpwd=$pwd);
Actually when passing this URL the password appears in the address bar.
How to over come this? It will be very much usefull if I get the answer.
Thanks in advance
-Murugesan
-
Ok lets say you want every user to login before they can access other parts
of your site.
index.php:
?
session_name(mysessionname);
session_start();
session_register(s_authed);
$s_authed = 0; // initialize session flag
if ((!$passwd) || (!$username)) // user hasnt logged in
{
// display login form
...
}
else
{
// retrieve database username and password here
...
// check if they match
if (($db_passwd == $passwd) ($db_username == $username))
{
$s_authed = 1; // user has been authorised
// redirect to real page
echo
script
window.location='main.php'
/script;
}
}
?
main.php:
?
session_name(mysessionname);
session_start();
if (!$s_authed) // check access
{
// user hasnt been authorised, therefore redirect to login page
echo
script
window.location='index.php'
/script;
}
else
{
// display page
...
}
?
if a user tries to access main.php directly without logging in they will be
redirected to index.php
checkout http://www.php.net/manual/en/ref.session.php for more information
Thanks for the message.
Can you please tell me how to do session authentication?.
-murugesan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to open random Flash page with hyperlink?
Murugesan,
I'll assume your redirecting the user to main.php because (s)he has passed the
authentication routine... in that case just store the username and password as a
session variable that way you wont need to pass the username and password via the url.
auth.php, [just before the call to header()]:
?
session_register('empid');
session_register('pwd');
header (Location: /main.php);
?
then in main.php you need to start your session to access the session variables
?
session_name(yoursessionname);
session_start();
// you now have access to $empid and $pwd
echo bryour employee id = $empid and the password you typed was $pwd;
?
-Original Message-
From: murugesan [mailto:[EMAIL PROTECTED]
Sent: Monday, 25 August 2003 15:18
To: Cody Phanekham; [EMAIL PROTECTED]
Subject: Re: [PHP] How to open random Flash page with hyperlink?
Thanks for the information.
In the code you provided
if ((!$passwd) || (!$username)) // user hasnt logged in
{
.
Actually I have implemented this in a separate page.
That is upon sign up of the form in the index page
I call a new page auth.php
In that file
I have done this authentication and called the function
header (Location: /main.php?empid=$empidpwd=$pwd);
Actually when passing this URL the password appears in the
address bar.
How to over come this? It will be very much usefull if I get
the answer.
Thanks in advance
-Murugesan
--
--
--
--
-
Ok lets say you want every user to login before they can
access other parts
of your site.
index.php:
?
session_name(mysessionname);
session_start();
session_register(s_authed);
$s_authed = 0; // initialize session flag
if ((!$passwd) || (!$username)) // user hasnt logged in
{
// display login form
...
}
else
{
// retrieve database username and password here
...
// check if they match
if (($db_passwd == $passwd) ($db_username == $username))
{
$s_authed = 1; // user has been authorised
// redirect to real page
echo
script
window.location='main.php'
/script;
}
}
?
main.php:
?
session_name(mysessionname);
session_start();
if (!$s_authed) // check access
{
// user hasnt been authorised, therefore redirect to login page
echo
script
window.location='index.php'
/script;
}
else
{
// display page
...
}
?
if a user tries to access main.php directly without logging
in they will be
redirected to index.php
checkout http://www.php.net/manual/en/ref.session.php for
more information
Thanks for the message.
Can you please tell me how to do session authentication?.
-murugesan
*
This e-mail, including any attachments to it, may contain confidential and/or personal
information.
If you have received this e-mail in error, you must not copy, distribute, or disclose
it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then delete the
original e-mail.
The information contained within this e-mail may be solely the opinion of the sender
and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to Salmat's
anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to open random Flash page with hyperlink?
Really thanks for the support. It worked well.
-regards,
Murugesan
- Original Message -
From: Cody Phanekham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 25, 2003 11:06 AM
Subject: RE: [PHP] How to open random Flash page with hyperlink?
Murugesan,
I'll assume your redirecting the user to main.php because (s)he has passed
the authentication routine... in that case just store the username and
password as a session variable that way you wont need to pass the username
and password via the url.
auth.php, [just before the call to header()]:
?
session_register('empid');
session_register('pwd');
header (Location: /main.php);
?
then in main.php you need to start your session to access the session
variables
?
session_name(yoursessionname);
session_start();
// you now have access to $empid and $pwd
echo bryour employee id = $empid and the password you typed was $pwd;
?
-Original Message-
From: murugesan [mailto:[EMAIL PROTECTED]
Sent: Monday, 25 August 2003 15:18
To: Cody Phanekham; [EMAIL PROTECTED]
Subject: Re: [PHP] How to open random Flash page with hyperlink?
Thanks for the information.
In the code you provided
if ((!$passwd) || (!$username)) // user hasnt logged in
{
.
Actually I have implemented this in a separate page.
That is upon sign up of the form in the index page
I call a new page auth.php
In that file
I have done this authentication and called the function
header (Location: /main.php?empid=$empidpwd=$pwd);
Actually when passing this URL the password appears in the
address bar.
How to over come this? It will be very much usefull if I get
the answer.
Thanks in advance
-Murugesan
--
--
--
--
-
Ok lets say you want every user to login before they can
access other parts
of your site.
index.php:
?
session_name(mysessionname);
session_start();
session_register(s_authed);
$s_authed = 0; // initialize session flag
if ((!$passwd) || (!$username)) // user hasnt logged in
{
// display login form
...
}
else
{
// retrieve database username and password here
...
// check if they match
if (($db_passwd == $passwd) ($db_username == $username))
{
$s_authed = 1; // user has been authorised
// redirect to real page
echo
script
window.location='main.php'
/script;
}
}
?
main.php:
?
session_name(mysessionname);
session_start();
if (!$s_authed) // check access
{
// user hasnt been authorised, therefore redirect to login page
echo
script
window.location='index.php'
/script;
}
else
{
// display page
...
}
?
if a user tries to access main.php directly without logging
in they will be
redirected to index.php
checkout http://www.php.net/manual/en/ref.session.php for
more information
Thanks for the message.
Can you please tell me how to do session authentication?.
-murugesan
*
This e-mail, including any attachments to it, may contain confidential
and/or personal information.
If you have received this e-mail in error, you must not copy, distribute, or
disclose it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then
delete the original e-mail.
The information contained within this e-mail may be solely the opinion of
the sender and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to
Salmat's anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to open random Flash page with hyperlink?
Thanks for the message.
Can you please tell me how to do session authentication?.
-murugesan
- Original Message -
From: Cody Phanekham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 22, 2003 10:05 AM
Subject: FW: [PHP] How to open random Flash page with hyperlink?
-Original Message-
From: murugesan [mailto:[EMAIL PROTECTED]
some more changes
param name=movie value=?php echo $value ?
embed src=?php echo $value ?/embed
Murugesan,
both ways are correct. Its just that i'm used to using the short open tag :)
http://au.php.net/manual/en/configuration.directives.php#ini.short-open-tag
http://au.php.net/manual/en/configuration.directives.php#ini.short-open-tag
short_open_tag http://au.php.net/manual/en/language.types.boolean.php
boolean
Tells whether the short form (? ?) of PHP's open tag should be allowed. If
you want to use PHP in combination with XML, you can disable this option in
order to use ?xml ? inline. Otherwise, you can print it with PHP, for
example: ?php echo '?xml version=1.0'; ?. Also if disabled, you must
use the long form of the PHP open tag (?php ?).
Note: This directive also affects the shorthand ?=, which is identical to
? echo. Use of this shortcut requires short_open_tag to be on.
- Original Message -
From: Cody Phanekham mailto:[EMAIL PROTECTED]
[EMAIL PROTECTED]
To: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Friday, August 22, 2003 9:32 AM
Subject: RE: [PHP] How to open random Flash page with hyperlink?
Phillip,
pretty close. only a few things that are missing/incorrect.
my corrections are marked by a #
-Original Message-
From: Phillip Pang [mailto:[EMAIL PROTECTED]
// random_menu.html
head
?php
$i = rand(0,3);
?
/head
body
a href = x http://www.x.com/random.php?i=$i
www.x.com/random.php?i=$ix/a
# you need to go back to php mode to use $i
a href = http://www.x.com/random.php?i www.x.com/random.php?i=? echo
$i ?x/a
/body
---
// random.php
head
?php
$i = $_post[i];
# im pretty sure the value would be past via the GET method as the user
would be clicking the hyperlink, so it should look like
$i = $_GET[i];
if ($i = = 0){
# there shouldnt be any spaces for the comparison
if ($i == 0){
$value = a;
}
else if ($i = = 1){
# there shouldnt be any spaces for the comparison
else if ($i == 1){
$value = b;
}
...etc.
# dont forget to get out of php mode
?
/head
body
object
param name=movie value=$value
# need to go back to php mode to use $value
param name=movie value=?php echo $value ?
embed src=$value/embed
# need to go back to php mode to use $value
embed src=?php echo $value ?/embed
/object
/body
Please help if you know how to do this. Thanks in advance.
phil*
-murugesan
*
This e-mail, including any attachments to it, may contain confidential
and/or personal information.
If you have received this e-mail in error, you must not copy, distribute, or
disclose it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then
delete the original e-mail.
The information contained within this e-mail may be solely the opinion of
the sender and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to
Salmat's anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to open random Flash page with hyperlink?
Hey everyone,
I'm new to using PHP so please bear with me.
I'm trying to create a hyperlink that will open a random Flash page so that
users will see a different flash module each time. Here is some of the code
that I wrote but I'm not sure if it'll work since I'm not very good at
coding. Oh yeah, I'm not using a database either.
// random_menu.html
head
?php
$i = rand(0,3);
?
/head
body
a href = www.x.com/random.php?i=$ix/a
/body
---
// random.php
head
?php
$i = $_post[i];
if ($i = = 0){
$value = a;
}
else if ($i = = 1){
$value = b;
}
...etc.
/head
body
object
param name=movie value=$value
embed src=$value/embed
/object
/body
Please help if you know how to do this. Thanks in advance.
phil*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to open random Flash page with hyperlink?
Phillip,
pretty close. only a few things that are missing/incorrect.
my corrections are marked by a #
-Original Message-
From: Phillip Pang [mailto:[EMAIL PROTECTED]
// random_menu.html
head
?php
$i = rand(0,3);
?
/head
body
a href = www.x.com/random.php?i=$ix/a
# you need to go back to php mode to use $i
a href = www.x.com/random.php?i=? echo $i ?x/a
/body
---
// random.php
head
?php
$i = $_post[i];
# im pretty sure the value would be past via the GET method as the user would be
clicking the hyperlink, so it should look like
$i = $_GET[i];
if ($i = = 0){
# there shouldnt be any spaces for the comparison
if ($i == 0){
$value = a;
}
else if ($i = = 1){
# there shouldnt be any spaces for the comparison
else if ($i == 1){
$value = b;
}
...etc.
# dont forget to get out of php mode
?
/head
body
object
param name=movie value=$value
# need to go back to php mode to use $value
param name=movie value=? echo $value ?
embed src=$value/embed
# need to go back to php mode to use $value
embed src=? echo $value ?/embed
/object
/body
Please help if you know how to do this. Thanks in advance.
phil*
hope that helps
Cody
*
This e-mail, including any attachments to it, may contain confidential and/or personal
information.
If you have received this e-mail in error, you must not copy, distribute, or disclose
it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then delete the
original e-mail.
The information contained within this e-mail may be solely the opinion of the sender
and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to Salmat's
anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to open random Flash page with hyperlink?
Hello
some more changes
param name=movie value=?php echo $value ?
embed src=?php echo $value ?/embed
-murugesan
- Original Message -
From: Cody Phanekham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 22, 2003 9:32 AM
Subject: RE: [PHP] How to open random Flash page with hyperlink?
Phillip,
pretty close. only a few things that are missing/incorrect.
my corrections are marked by a #
-Original Message-
From: Phillip Pang [mailto:[EMAIL PROTECTED]
// random_menu.html
head
?php
$i = rand(0,3);
?
/head
body
a href = www.x.com/random.php?i=$ix/a
# you need to go back to php mode to use $i
a href = www.x.com/random.php?i=? echo $i ?x/a
/body
---
// random.php
head
?php
$i = $_post[i];
# im pretty sure the value would be past via the GET method as the user would be
clicking the hyperlink, so it should look like
$i = $_GET[i];
if ($i = = 0){
# there shouldnt be any spaces for the comparison
if ($i == 0){
$value = a;
}
else if ($i = = 1){
# there shouldnt be any spaces for the comparison
else if ($i == 1){
$value = b;
}
...etc.
# dont forget to get out of php mode
?
/head
body
object
param name=movie value=$value
# need to go back to php mode to use $value
param name=movie value=?php echo $value ?
embed src=$value/embed
# need to go back to php mode to use $value
embed src=?php echo $value ?/embed
/object
/body
Please help if you know how to do this. Thanks in advance.
phil*
-murugesan
FW: [PHP] How to open random Flash page with hyperlink?
-Original Message-
From: murugesan [mailto:[EMAIL PROTECTED]
some more changes
param name=movie value=?php echo $value ?
embed src=?php echo $value ?/embed
Murugesan,
both ways are correct. Its just that i'm used to using the short open tag :)
http://au.php.net/manual/en/configuration.directives.php#ini.short-open-tag
http://au.php.net/manual/en/configuration.directives.php#ini.short-open-tag
short_open_tag http://au.php.net/manual/en/language.types.boolean.php boolean
Tells whether the short form (? ?) of PHP's open tag should be allowed. If you want
to use PHP in combination with XML, you can disable this option in order to use ?xml
? inline. Otherwise, you can print it with PHP, for example: ?php echo '?xml
version=1.0'; ?. Also if disabled, you must use the long form of the PHP open tag
(?php ?).
Note: This directive also affects the shorthand ?=, which is identical to ? echo.
Use of this shortcut requires short_open_tag to be on.
- Original Message -
From: Cody Phanekham mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]
To: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Friday, August 22, 2003 9:32 AM
Subject: RE: [PHP] How to open random Flash page with hyperlink?
Phillip,
pretty close. only a few things that are missing/incorrect.
my corrections are marked by a #
-Original Message-
From: Phillip Pang [mailto:[EMAIL PROTECTED]
// random_menu.html
head
?php
$i = rand(0,3);
?
/head
body
a href = x http://www.x.com/random.php?i=$i www.x.com/random.php?i=$ix/a
# you need to go back to php mode to use $i
a href = http://www.x.com/random.php?i www.x.com/random.php?i=? echo $i
?x/a
/body
---
// random.php
head
?php
$i = $_post[i];
# im pretty sure the value would be past via the GET method as the user would be
clicking the hyperlink, so it should look like
$i = $_GET[i];
if ($i = = 0){
# there shouldnt be any spaces for the comparison
if ($i == 0){
$value = a;
}
else if ($i = = 1){
# there shouldnt be any spaces for the comparison
else if ($i == 1){
$value = b;
}
...etc.
# dont forget to get out of php mode
?
/head
body
object
param name=movie value=$value
# need to go back to php mode to use $value
param name=movie value=?php echo $value ?
embed src=$value/embed
# need to go back to php mode to use $value
embed src=?php echo $value ?/embed
/object
/body
Please help if you know how to do this. Thanks in advance.
phil*
-murugesan
*
This e-mail, including any attachments to it, may contain confidential and/or personal
information.
If you have received this e-mail in error, you must not copy, distribute, or disclose
it, use or take any action
based on the information contained within it.
Please notify the sender immediately by return e-mail of the error and then delete the
original e-mail.
The information contained within this e-mail may be solely the opinion of the sender
and may not necessarily
reflect the position, beliefs or opinions of Salmat on any issue.
This email has been swept for the presence of computer viruses known to Salmat's
anti-virus systems.
For more information, visit our website at www.salmat.com.au.
*
