Re: [PHP] passwd protected page
on 26/06/03 5:23 PM, Bibhas Kumar Samanta ([EMAIL PROTECTED]) wrote: my problem is that when I use sessions in the restricted pages the session_start() seem to reset the form ( when other filled in data is lost) when go back to the form using Back in the browser. So I wanted to avoid session_start This seems like more of a limitation of WHERE you're starting the session, or a limitation of how your browser deals with forms. I'm unsure of your exact problem (since you haven't posted a URL for us to see what's wrong, and you haven't shown us any code), but I can guarantee that all the large PHP sites use sessions -- your problem is not a problem with PHP's sessions exactly -- more like a quirk/problem with HOW you've implemented it I *think*. Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] passwd protected page
Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passwd protected page
-Will it be secure? -What will happen in case browser crashes setting the flag, I guess , in sessions, sessions will be terminated. -Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passwd protected page
how should I pass the logged in user to other pages ? In the database at the same time there might be several user logged in ? Thanks, Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] passwd protected page
Why not use sessions, store a $loggedin value in a session or cookie And check that at the top of each page.. no session = no access Hope this helps - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, 26 June 2003 5:14 PM To: Sichta Daniel Cc: [EMAIL PROTECTED] Subject: Re: [PHP] passwd protected page how should I pass the logged in user to other pages ? In the database at the same time there might be several user logged in ? Thanks, Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering. http://www.mailguard.com.au/mg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] passwd protected page
my problem is that when I use sessions in the restricted pages the session_start() seem to reset the form ( when other filled in data is lost) when go back to the form using Back in the browser. So I wanted to avoid session_start How are the good php sites designed ? regds, Bibhas Chris Kay wrote: Why not use sessions, store a $loggedin value in a session or cookie And check that at the top of each page.. no session = no access Hope this helps - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, 26 June 2003 5:14 PM To: Sichta Daniel Cc: [EMAIL PROTECTED] Subject: Re: [PHP] passwd protected page how should I pass the logged in user to other pages ? In the database at the same time there might be several user logged in ? Thanks, Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering. http://www.mailguard.com.au/mg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] passwd protected page
Sorry I didn't read the first post about not wanting to use sessions, what about cookies? What about making a hash of the username and password and place it in the url EG: /main.php?u=chrisp=AJKHSA765JAFG443320 Something like that Check the hash against the database each page $db = mysql_query(select * from users where username = '. $_GET['u'] .'); if ( mysql_num_rows($db) ) { $database = mysql_fetch_array($db); If ( $_GET['p'] == md5($database[password]) ) { // Let them go } else { header(Location: error.php?error=invalid); } } else { header(Location: error.php?error=noset); } Try this it will work - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Chris Kay Sent: Thursday, 26 June 2003 5:19 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] passwd protected page Why not use sessions, store a $loggedin value in a session or cookie And check that at the top of each page.. no session = no access Hope this helps - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, 26 June 2003 5:14 PM To: Sichta Daniel Cc: [EMAIL PROTECTED] Subject: Re: [PHP] passwd protected page how should I pass the logged in user to other pages ? In the database at the same time there might be several user logged in ? Thanks, Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering. http://www.mailguard.com.au/mg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] passwd protected page
ARGGG bad day for coding reading Replace if ( mysql_num_rows($db) ) { with if ( mysql_num_rows($db)==1 ) { now I am going home before I cause any more damage :) - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Chris Kay Sent: Thursday, 26 June 2003 5:27 PM To: Chris Kay; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] passwd protected page Sorry I didn't read the first post about not wanting to use sessions, what about cookies? What about making a hash of the username and password and place it in the url EG: /main.php?u=chrisp=AJKHSA765JAFG443320 Something like that Check the hash against the database each page $db = mysql_query(select * from users where username = '. $_GET['u'] .'); if ( mysql_num_rows($db) ) { $database = mysql_fetch_array($db); If ( $_GET['p'] == md5($database[password]) ) { // Let them go } else { header(Location: error.php?error=invalid); } } else { header(Location: error.php?error=noset); } Try this it will work - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Chris Kay Sent: Thursday, 26 June 2003 5:19 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP] passwd protected page Why not use sessions, store a $loggedin value in a session or cookie And check that at the top of each page.. no session = no access Hope this helps - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, 26 June 2003 5:14 PM To: Sichta Daniel Cc: [EMAIL PROTECTED] Subject: Re: [PHP] passwd protected page how should I pass the logged in user to other pages ? In the database at the same time there might be several user logged in ? Thanks, Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering. http://www.mailguard.com.au/mg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] passwd protected page[Scanned]
Bibhas, I've seen many references to the phpBB application on this list in the past and had a look at it in detail some weeks ago. It's a fairly large application but the way they deal with sessions is instructive. If I've understood it correctly they don't use the session management features in PHP but create their own. When a user visits the site a session is created with a unique identifier. This is then stored in a sessions table in the database. The session ID is passed to other pages as the user visits them either by use of cookies or by appending the session id to each url. If the user logs in then the user id is also stored in the relevant sessions table and other information about the user is pulled from a users table for that user id. If you download the application - www.phpbb.com - you'll find the relevant code in the sessions file within the includes directory - though they have recently upgraded the application so this might have changed. HTH, Michael Egan -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: 26 June 2003 08:23 To: Chris Kay Cc: [EMAIL PROTECTED] Subject: Re: [PHP] passwd protected page[Scanned] my problem is that when I use sessions in the restricted pages the session_start() seem to reset the form ( when other filled in data is lost) when go back to the form using Back in the browser. So I wanted to avoid session_start How are the good php sites designed ? regds, Bibhas Chris Kay wrote: Why not use sessions, store a $loggedin value in a session or cookie And check that at the top of each page.. no session = no access Hope this helps - Chris Kay Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, 26 June 2003 5:14 PM To: Sichta Daniel Cc: [EMAIL PROTECTED] Subject: Re: [PHP] passwd protected page how should I pass the logged in user to other pages ? In the database at the same time there might be several user logged in ? Thanks, Bibhas Sichta Daniel wrote: Hi, You can validate user on login page and sets the flag in database table. Then on each page you have to check that flag again DS -Original Message- From: Bibhas Kumar Samanta [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [PHP] passwd protected page Hi, Without using sessions , how can I create passwd protected pages in mysql/php. I need to remember the user from login page and validate this user in other pages. Thanks, Bibhas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering. http://www.mailguard.com.au/mg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php