Re: [PHP] Cannot pass values from one page to another
Hi, Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'. murugesan wrote: My register_globals in set to ON in php.ini file. I cannot use HTTP_COOKIE_VARS because I need to pass the password from one page to another. -murugesan - Original Message - From: [EMAIL PROTECTED] To: php mailing list [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 7:13 PM Subject: Re: [PHP] Cannot pass values from one page to another what's your register globals settings? did you try to retrieve from HTTP_COOKIE_VARS ? murugesan wrote: Thanks for the message. I looked into the manual. But it is not working. Ofcourse I used session_start in every pages. -murugesan - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: murugesan [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:23 PM Subject: RE: [PHP] Cannot pass values from one page to another [snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip] First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution. Are you placing session_start() at the top of each page where you expect session variables to be available? You should be... Have a pleasant day. -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
From: [EMAIL PROTECTED] Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'. Please explain how you've come to this conclusion... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
Hi, Didn't know this was the army :-) first unless you got your variable ordering (POST, GET, Env, Sesssion etc). the values in the session can be easily overridden with a simple old query string. Sure would hate to have my username and password passed along to each page. remember that when you are using cookies the data actually get's transferred between the client and the server. best regards CPT John W. Holmes wrote: From: [EMAIL PROTECTED] Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'. Please explain how you've come to this conclusion... ---John Holmes... -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
I think you don't get me. I am not registering the password. Just I use $_SESSION['uname']=$uname; and I need to get the value $_SESSION['visnme'] in the next new page without passing the uname in the URL itself.( form action=?uname=$uname ) as query parameter What I need is that I want to fetch the value of $unme in the next page after login without passing it to next page. Ofcourse the solution is to use POST. I used POST to pass it to next page. That page is authentication.php where I check the uname and passwd and invoked header('...php?$visnme) function From this page how can I pass $uname without using query parameters. Thanks for the reply -murugesan - Original Message - From: [EMAIL PROTECTED] To: php mailing list [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 11:24 AM Subject: Re: [PHP] Cannot pass values from one page to another Hi, Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'. murugesan wrote: My register_globals in set to ON in php.ini file. I cannot use HTTP_COOKIE_VARS because I need to pass the password from one page to another. -murugesan - Original Message - From: [EMAIL PROTECTED] To: php mailing list [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 7:13 PM Subject: Re: [PHP] Cannot pass values from one page to another what's your register globals settings? did you try to retrieve from HTTP_COOKIE_VARS ? murugesan wrote: Thanks for the message. I looked into the manual. But it is not working. Ofcourse I used session_start in every pages. -murugesan - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: murugesan [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:23 PM Subject: RE: [PHP] Cannot pass values from one page to another [snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip] First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution. Are you placing session_start() at the top of each page where you expect session variables to be available? You should be... Have a pleasant day. -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. _ Design your own holidays. Make memories that last a lifetime. http://www.flexihols.com/2003/index.php Enjoy! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
Hi, I see that Jay has already pointed out that session_register() is the correct approach and not $_SESSION['uname']=$uname; if you have already tried session_register and had no luck few other things you could look at are 1) make sure that client is configured to accept cookies. 2) if the client is not configured to accept cookies pass the session id as a query variable between urls 3) make sure you don't mix www.yourdomain.com with yourdomain.com 4) make sure that the session has not timed out. and it might be worth the while to clear the browser cache and cookies as well, finally if you are going through a proxy please ask someone to test from the 'outside' some proxies do wierd things. All the best Murugesan N wrote: I think you don't get me. I am not registering the password. Just I use $_SESSION['uname']=$uname; and I need to get the value $_SESSION['visnme'] in the next new page without passing the uname in the URL itself.( form action=?uname=$uname ) as query parameter What I need is that I want to fetch the value of $unme in the next page after login without passing it to next page. Ofcourse the solution is to use POST. I used POST to pass it to next page. That page is authentication.php where I check the uname and passwd and invoked header('...php?$visnme) function From this page how can I pass $uname without using query parameters. Thanks for the reply -murugesan - Original Message - From: [EMAIL PROTECTED] To: php mailing list [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 11:24 AM Subject: Re: [PHP] Cannot pass values from one page to another Hi, Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'. murugesan wrote: My register_globals in set to ON in php.ini file. I cannot use HTTP_COOKIE_VARS because I need to pass the password from one page to another. -murugesan - Original Message - From: [EMAIL PROTECTED] To: php mailing list [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 7:13 PM Subject: Re: [PHP] Cannot pass values from one page to another what's your register globals settings? did you try to retrieve from HTTP_COOKIE_VARS ? murugesan wrote: Thanks for the message. I looked into the manual. But it is not working. Ofcourse I used session_start in every pages. -murugesan - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: murugesan [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:23 PM Subject: RE: [PHP] Cannot pass values from one page to another [snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip] First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution. Are you placing session_start() at the top of each page where you expect session variables to be available? You should be... Have a pleasant day. -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. _ Design your own holidays. Make memories that last a lifetime. http://www.flexihols.com/2003/index.php Enjoy! -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
From: [EMAIL PROTECTED] Didn't know this was the army :-) Yeah, I signed you up last week. You report to basic training in November. I hope you're ready! :) first unless you got your variable ordering (POST, GET, Env, Sesssion etc). the values in the session can be easily overridden with a simple old query string. Sure would hate to have my username and password passed along to each page. remember that when you are using cookies the data actually get's transferred between the client and the server. By default, sessions are made global last, so the session value would overwrite anything passed. But, yes, you're right that if some idiot changed the order around (why?) then it could present a security problem. Thanks for the explanation (just checking!) :) ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
CPT John W. Holmes wrote: From: [EMAIL PROTECTED] Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'. Please explain how you've come to this conclusion... ---John Holmes... Yes, please explain this... I'm very curious! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Cannot pass values from one page to another
[snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip] First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution. Are you placing session_start() at the top of each page where you expect session variables to be available? You should be... Have a pleasant day. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
Thanks for the message. I looked into the manual. But it is not working. Ofcourse I used session_start in every pages. -murugesan - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: murugesan [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:23 PM Subject: RE: [PHP] Cannot pass values from one page to another [snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip] First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution. Are you placing session_start() at the top of each page where you expect session variables to be available? You should be... Have a pleasant day. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Cannot pass values from one page to another
what's your register globals settings? did you try to retrieve from HTTP_COOKIE_VARS ? murugesan wrote: Thanks for the message. I looked into the manual. But it is not working. Ofcourse I used session_start in every pages. -murugesan - Original Message - From: Jay Blanchard [EMAIL PROTECTED] To: murugesan [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:23 PM Subject: RE: [PHP] Cannot pass values from one page to another [snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip] First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution. Are you placing session_start() at the top of each page where you expect session variables to be available? You should be... Have a pleasant day. -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php