[PHP] Re: session security issue

2001-08-14 Thread Steve Brett

what about registering a var called loggedin with the session and then
testing on each script to see if it's set to 1 or something ?

then base the access on that ? that's what i use and then register uid with
the session as well so you can use it throughout your site ...

ok you've got me worried now, are there any problems with security doing it
that way?

Steve

Christian Dechery [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> I have pages that use session for security that look something like
> this:
>
> <?php
> session_start();
>
> // $uid is read as a plain global variable here
> if( !isset($uid) )
> {
>     include("include/auth.inc.php");
>     auth_user();
> }
>
> // more code...
> ?>
>
> so $uid tells me if the user is logged on or not...
>
> but what if somebody calls the script directly from the address bar like
> this: http://server/script.php?uid=10
>
> wouldn't this be a security problem?
>
>  Christian Dechery (lemming)
>  http://www.tanamesa.com.br
>  Gaita-L Owner / Web Developer




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Re: session security issue

2001-08-14 Thread Christian Dechery

I guess it is... but read the replies to my email, the solution is quite 
simple and effective.

At 16:49 14/8/2001 +0100, you wrote:
> what about registering a var called loggedin with the session and then
> testing on each script to see if it's set to 1 or something ?
>
> then base the access on that ? that's what i use and then register uid with
> the session as well so you can use it throughout your site ...
>
> ok you've got me worried now, are there any problems with security doing it
> that way?
>
> Steve
>
> Christian Dechery [EMAIL PROTECTED] wrote in message
> news:[EMAIL PROTECTED]...
> > I have pages that use session for security that look something like
> > this:
> >
> > <?php
> > session_start();
> >
> > // $uid is read as a plain global variable here
> > if( !isset($uid) )
> > {
> >     include("include/auth.inc.php");
> >     auth_user();
> > }
> >
> > // more code...
> > ?>
> >
> > so $uid tells me if the user is logged on or not...
> >
> > but what if somebody calls the script directly from the address bar like
> > this: http://server/script.php?uid=10
> >
> > wouldn't this be a security problem?
> >
> >  Christian Dechery (lemming)
> >  http://www.tanamesa.com.br
> >  Gaita-L Owner / Web Developer
 





. Christian Dechery (lemming)
. http://www.tanamesa.com.br
. Gaita-L Owner / Web Developer

