Re: [PHP] WEB LOG
This is the reason why i wrote it is just some security. On Monday 24 September 2001 16:15, Jeffrey Paul wrote: > At 10:09 AM 9/24/2001, Andreas Gietl wrote: > >Well. If you check the HTTP_REFERER on the target-site it would work and > > give you at least some "security". However it is still not really secure. > > Wrong. Many browsers don't send the Referer: header, not to mention it's > downright trivial to spoof it. This doesn't afford any more security at > all. > > -j > > > > Jeffrey Paul [EMAIL PROTECTED] (877) 748 3467 > ICQ: 14295546 AIM: kw34hd1 NXTL/DC: 130*21*16749 > PGP: 0xF50BB9D7 A21AFD828C30EC77545DA0B3F501F50BB9D7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] WEB LOG
At 10:09 AM 9/24/2001, Andreas Gietl wrote: >Well. If you check the HTTP_REFERER on the target-site it would work and give >you at least some "security". However it is still not really secure. Wrong. Many browsers don't send the Referer: header, not to mention it's downright trivial to spoof it. This doesn't afford any more security at all. -j Jeffrey Paul [EMAIL PROTECTED] (877) 748 3467 ICQ: 14295546 AIM: kw34hd1 NXTL/DC: 130*21*16749 PGP: 0xF50BB9D7 A21AFD828C30EC77545DA0B3F501F50BB9D7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] WEB LOG
Hi all, I'm new to php but I would look at the concept of setting a cookie on the log-in page and then testing for that cookie on the http://therealsite page and redirecting failues accordingly. In fact that could be set into every page to make sure that people have to go thru the log-in page. You still check for the password though. George, a php newbie - Original Message - From: "Andreas Gietl" <[EMAIL PROTECTED]> To: "Jeffrey Paul" <[EMAIL PROTECTED]>; "Chris Herring" <[EMAIL PROTECTED]>; "php list" <[EMAIL PROTECTED]> Sent: Monday, September 24, 2001 3:09 PM Subject: Re: [PHP] WEB LOG > On Monday 24 September 2001 16:04, Jeffrey Paul wrote: > > Well. If you check the HTTP_REFERER on the target-site it would work and give > you at least some "security". However it is still not really secure. > > > > > At 07:08 AM 9/24/2001, Chris Herring wrote: > > >OOPS, again, elseif isn't what needs to be done. > > > > > >Ok, here we go. > > > > > >if $pwd == $real_pwd { > > >header ("Location: http://therealsite";); > > >} else { > > >header ("Location: http://badsite";); > > >} > > > > For the record, that won't stop someone from going to the destination page > > if the password doesn't match, which is what the person asked about. All > > this will do is send them a redirect to an error page if the password > > doesn't match, it doesn't prevent anyone at all from hitting, in your > > example, http://therealsite. > > > > -j > > > > > > > > Jeffrey Paul [EMAIL PROTECTED] (877) 748 3467 > > ICQ: 14295546 AIM: kw34hd1 NXTL/DC: 130*21*16749 > > PGP: 0xF50BB9D7 A21AFD828C30EC77545DA0B3F501F50BB9D7 > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] WEB LOG
On Monday 24 September 2001 16:04, Jeffrey Paul wrote: Well. If you check the HTTP_REFERER on the target-site it would work and give you at least some "security". However it is still not really secure. > At 07:08 AM 9/24/2001, Chris Herring wrote: > >OOPS, again, elseif isn't what needs to be done. > > > >Ok, here we go. > > > >if $pwd == $real_pwd { > >header ("Location: http://therealsite";); > >} else { > >header ("Location: http://badsite";); > >} > > For the record, that won't stop someone from going to the destination page > if the password doesn't match, which is what the person asked about. All > this will do is send them a redirect to an error page if the password > doesn't match, it doesn't prevent anyone at all from hitting, in your > example, http://therealsite. > > -j > > > > Jeffrey Paul [EMAIL PROTECTED] (877) 748 3467 > ICQ: 14295546 AIM: kw34hd1 NXTL/DC: 130*21*16749 > PGP: 0xF50BB9D7 A21AFD828C30EC77545DA0B3F501F50BB9D7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] WEB LOG
At 07:08 AM 9/24/2001, Chris Herring wrote: >OOPS, again, elseif isn't what needs to be done. > >Ok, here we go. > >if $pwd == $real_pwd { >header ("Location: http://therealsite";); >} else { >header ("Location: http://badsite";); >} > For the record, that won't stop someone from going to the destination page if the password doesn't match, which is what the person asked about. All this will do is send them a redirect to an error page if the password doesn't match, it doesn't prevent anyone at all from hitting, in your example, http://therealsite. -j Jeffrey Paul [EMAIL PROTECTED] (877) 748 3467 ICQ: 14295546 AIM: kw34hd1 NXTL/DC: 130*21*16749 PGP: 0xF50BB9D7 A21AFD828C30EC77545DA0B3F501F50BB9D7 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] WEB LOG
OOPS, again, elseif isn't what needs to be done. Ok, here we go. if $pwd == $real_pwd { header ("Location: http://therealsite";); } else { header ("Location: http://badsite";); } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] WEB LOG
Oops, I looked through this too fast; I might have worked out what really needs to be done... if $pwd == $real_pwd { header ("Location: http://actualdestinedsite";); } elsif { header ("Location: http://evilsitethathasanerror";); } - Original Message - From: "Ardani Sarjito" <[EMAIL PROTECTED]> To: "php_list" <[EMAIL PROTECTED]> Sent: Sunday, September 23, 2001 9:35 PM Subject: [PHP] WEB LOG > hi all! > > I'm just about to try to make my first weblog page. > > I find some problem. > > I want to make the user not being able to go to the destination page if the > password does match. > > how do I do that? > > any help would be greatly appreciated. > > Thanks alot! > > Ardani > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] WEB LOG
hi all! I'm just about to try to make my first weblog page. I find some problem. I want to make the user not being able to go to the destination page if the password does match. how do I do that? any help would be greatly appreciated. Thanks alot! Ardani -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]