RE: [PHP-DB] The Ethics and Access of Login

2002-10-28 Thread Daevid Vincent
Brooks [mailto:eurleif@;buyer-brokerage.com]
> Sent: Monday, October 28, 2002 9:08 PM
> To: Daevid Vincent
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] The Ethics and Access of Login
>
> That's a HUGE security flaw! Anyone could send that in a GPC value and
> get unau

Re: [PHP-DB] The Ethics and Access of Login

2002-10-28 Thread Leif K-Brooks
That's a HUGE security flaw! Anyone could send that in a GPC value and get unauthorized access! USE $_SESSION['login'] INSTEAD!!!

Daevid Vincent wrote:

> Then at the top of each page, just check if they're logged in or not.
>
>     if( !$login )
>     {
>         Header("Location: ".$LOGINPAGE."\n\n");
>         exit;
>     }

--
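The difference between the two checks, as an added example that is not part of either post. It assumes the bare `$login` variable is filled in by `register_globals`; that setting was removed in PHP 5.4, so its effect is emulated here with `extract()`, and the request data is constructed sample input.

```php
<?php
// Added example, not code from the thread. Runs under the PHP CLI.
// Assumption: register_globals is emulated with extract(), because the
// setting itself no longer exists in current PHP.

// Constructed sample requests: GPC values and session contents per visitor.
$requests = [
    'normal visitor'         => ['get' => [],               'session' => []],
    'request carrying login' => ['get' => ['login' => '1'], 'session' => []],
    'real logged-in session' => ['get' => [],               'session' => ['login' => true]],
];

// The check as posted: trusts a bare $login variable.
function check_bare_variable(array $get, array $session): bool
{
    extract($session);   // session values become plain variables
    extract($get);       // request (GPC) values become plain variables too
    return !empty($login);
}

// The check as suggested in the reply: read only from the session array,
// which is populated server-side and never from request parameters.
function check_session_only(array $session): bool
{
    return isset($session['login']) && $session['login'] === true;
}

foreach ($requests as $label => $r) {
    printf(
        "%-24s bare \$login: %-8s \$_SESSION['login']: %s\n",
        $label,
        check_bare_variable($r['get'], $r['session']) ? 'allowed' : 'denied',
        check_session_only($r['session']) ? 'allowed' : 'denied'
    );
}
```

Only the session-array check gives the same answer regardless of what the request carries; the bare-variable check treats a request parameter as if it were login state.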

RE: [PHP-DB] The Ethics and Access of Login

2002-10-28 Thread Daevid Vincent
Well, what I would suggest is you log them in once, then set a session variable such that

    $_SESSION["login"] = true;

Then at the top of each page, just check if they're logged in or not.

    if( !$login )
    {
        Header("Location: ".$LOGINPAGE."\n\n");
        exit;
    }

No hit to the db for every page. If you're