Re: [PHP] WEB LOG

Mon, 24 Sep 2001 06:45:04 -0700 

Hi all,

I'm new to php but I would look at the concept of setting a cookie on the
log-in page and then testing for that cookie on the http://therealsite page
and redirecting failues accordingly. In fact that could be set into every
page to make sure that people have to go thru the log-in page. You still
check for the password though.

George, a php newbie

----- Original Message -----
From: "Andreas Gietl" <[EMAIL PROTECTED]>
To: "Jeffrey Paul" <[EMAIL PROTECTED]>; "Chris Herring"
<[EMAIL PROTECTED]>; "php list" <[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 3:09 PM
Subject: Re: [PHP] WEB LOG


> On Monday 24 September 2001 16:04, Jeffrey Paul wrote:
>
> Well. If you check the HTTP_REFERER on the target-site it would work and
give
> you at least some "security". However it is still not really secure.
>
>
>
> > At 07:08 AM 9/24/2001, Chris Herring wrote:
> > >OOPS, again, elseif isn't what needs to be done.
> > >
> > >Ok, here we go.
> > >
> > >if $pwd == $real_pwd {
> > >header ("Location: http://therealsite";);
> > >} else {
> > >header ("Location: http://badsite";);
> > >}
> >
> > For the record, that won't stop someone from going to the destination
page
> > if the password doesn't match, which is what the person asked about.
All
> > this will do is send them a redirect to an error page if the password
> > doesn't match, it doesn't prevent anyone at all from hitting, in your
> > example, http://therealsite.
> >
> > -j
> >
> >
> > --------------------------------------------------------
> > Jeffrey Paul      [EMAIL PROTECTED]      (877) 748 3467
> > ICQ: 14295546     AIM: kw34hd1     NXTL/DC: 130*21*16749
> > PGP: 0xF50BB9D7 A21AFD828C30EC77CCCC545DA0B3F501F50BB9D7
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to