On May 28, 2010, at 9:43 PM, Jason Pruim wrote:
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in
the world I'm going to fix an issue that should probably be simple
to me but is escaping me at the moment
Take this authentication function:
?PHP
On Sat, 2010-05-29 at 07:40 -0400, Floyd Resler wrote:
On May 28, 2010, at 9:43 PM, Jason Pruim wrote:
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in
the world I'm going to fix an issue that should probably be simple
to me but is escaping me at
On May 29, 2010, at 12:02 AM, Nathan Nobbe wrote:
On Fri, May 28, 2010 at 7:43 PM, Jason Pruim li...@pruimphotography.com
wrote:
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in
the world I'm going to fix an issue that should probably be simple
to me
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in the
world I'm going to fix an issue that should probably be simple to me
but is escaping me at the moment
Take this authentication function:
?PHP
function authentication($authUser, $authPass,
On Fri, May 28, 2010 at 7:43 PM, Jason Pruim li...@pruimphotography.comwrote:
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in the world
I'm going to fix an issue that should probably be simple to me but is
escaping me at the moment
Take this
2009/1/23 Jesus Campos jesus...@cm-barcelos.pt
Hi there,
I would like to create a application that can be able to authenticate by
client certificate.
Can I make this by apache/php? Anyone can recomend me documantation?
Thanks,
JCampos
http://www.php.net/unsub.php
Hey,
I do not really
Hi there,
I would like to create a application that can be able to authenticate by
client certificate.
Can I make this by apache/php? Anyone can recomend me documantation?
Thanks,
JCampos
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
So the user comes to the site and they're presented with a log in page.
They enter their username and password and php checks a mysql database for
a matching username and password.
In the case of a match, php then sets a cookie on their browser with a
value of 1 for authenticated and 0 for not
On Thu, 2008-05-29 at 14:20 -0600, DeadTOm wrote:
So the user comes to the site and they're presented with a log in page.
They enter their username and password and php checks a mysql database for
a matching username and password.
In the case of a match, php then sets a cookie on their browser
On Thu, 29 May 2008 14:20:02 -0600 (MDT)
DeadTOm [EMAIL PROTECTED] wrote:
So the user comes to the site and they're presented with a log in
page. They enter their username and password and php checks a mysql
database for a matching username and password.
In the case of a match, php then sets
I mostly use Firefox but still I check to make sure everything works in IE7
and other browsers equally as well. I had strange results here. I have a
simple login form(user/pass field and submit button). I have the actual
login request script in a common php file. I have an Authentication class
Hello ,
Those code doesn't mean anything to client browser, you may session cookie
problem. Please check php.net online manual about it.
Regards
Sancar
On Saturday 04 August 2007 18:20:49 Brian Seymour wrote:
I mostly use Firefox but still I check to make sure everything works in IE7
and
Correct Stut, I want transparent authentication, but I also want to have the
currently logged in user name pulled so I can use it for tracking purposes.
My application deals with very sensitive company information and I want to
pull the username for tracking purposes. I have everything running
Dan Shirah wrote:
Correct Stut, I want transparent authentication, but I also want to have
the currently logged in user name pulled so I can use it for tracking
purposes. My application deals with very sensitive company information
and I want to pull the username for tracking purposes. I have
Dan,
i realize i misunderstood the original question. am i to understand you
have php running
on all of the client machines ?
thanks,
-nathan
On 7/31/07, Dan Shirah [EMAIL PROTECTED] wrote:
Correct Stut, I want transparent authentication, but I also want to have
the
currently logged in
Dan Shirah wrote:
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull the IP of the machine
and other data, is
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull the IP of the machine
and other data, is there a function
All,
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull the IP of the machine
and other data, is there a
On 7/27/07, Dan Shirah [EMAIL PROTECTED] wrote:
All,
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull
on *.nix you could do something like
$users = explode(' ', `users`);
$users will then be an array w/ the usernames of the currently logged in
users.
user names may appear more than once, per the users documentation.
no clue or care on windows for me :)
-nathan
On 7/27/07, Dan Shirah [EMAIL
-0500) America/New_York
Subject: [PHP] Authentication
All,
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull the IP
27, 2007 1:51:51 PM (GMT-0500) America/New_York
Subject: [PHP] Authentication
All,
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER
On Fri, July 27, 2007 12:51 pm, Dan Shirah wrote:
I looked on PHP.net but I couldn't not find anything suitable to
answer my
question.
Within PHP, is there a way to pull the name of the user that is
currently
logged into the PC?
That data is not transmitted, by design, in an HTTP request.
My application is only used within my company. I want to pull the NT
Authenticated user that is logged in, cross reference that user with what I
have pulled from ldap and verify the user's name is valid. If the username
is valid I will assign it to a variable and use that variable to store the
]
To: [EMAIL PROTECTED]
Cc: php-general php-general@lists.php.net
Sent: Friday, July 27, 2007 11:02 PM
Subject: Re: [PHP] Authentication
My application is only used within my company. I want to pull the NT
Authenticated user that is logged in, cross reference that user with what
I
have pulled from ldap
[snip]
My application is only used within my company. I want to pull the NT
Authenticated user that is logged in, cross reference that user with
what I
have pulled from ldap and verify the user's name is valid. If the
username
is valid I will assign it to a variable and use that variable to store
On Fri, July 27, 2007 4:02 pm, Dan Shirah wrote:
My application is only used within my company. I want to pull the NT
Authenticated user that is logged in, cross reference that user with
what I
have pulled from ldap and verify the user's name is valid. If the
username
is valid I will assign
Dan Shirah wrote:
My application is only used within my company. I want to pull the NT
Authenticated user that is logged in, cross reference that user with what I
have pulled from ldap and verify the user's name is valid. If the username
is valid I will assign it to a variable and use that
On Friday 27 July 2007 20:51:51 Dan Shirah wrote:
All,
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull
From: Dan Shirah [EMAIL PROTECTED]
All,
I looked on PHP.net but I couldn't not find anything suitable to answer my
question.
Within PHP, is there a way to pull the name of the user that is currently
logged into the PC?
I know with some of the _SERVER functions you can pull the IP of the
Hi all
I'm trying to do authentication with database. I
created the database and I inserted some usernames and
passwords into my database. By using the below file,
I'm trying to give access to the main page for the
accounts that matches the username and password. The
problem is that it do not
On Fri, April 29, 2005 8:50 am, Yavuz S. Atmaca said:
$sql = SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId' AND
user_password = PASSWORD('$password');
Did you use the PASSWORD function when you inserted your passwords, or are
they just plain-text?
Somehow my PHP 5.0.3 or something is configured incorrectly. When I try
to get past an authentication input, nothing happens. For example, I
have phpMyAdmin configured now to use mysqli, but when I enter the
username and password, the screen doesn't change. In previous testing, I
saw that an
Hi there
this is a tutorial am trying to do...chk out the code..
if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'open' ) ) {
header( 'WWW-Authenticate: Basic realm=Private' );
header( 'HTTP/1.0 401 Unauthorized'
Ali a écrit :
if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'open' ) ) {
Better use $_SERVER['PHP_AUTH_USER'] instead of $PHP_AUTH_USER
and $_SERVER['PHP_AUTH_PW'] instead of $PHP_AUTH_PW.
Chapter 33. HTTP authentication with
Hi Ali,
Visit
http://zareef.users.phpclasses.org/browse/class/21.html
You will find a lot of code.
zareef ahmed
On Tue, 28 Dec 2004 13:12:14 +1030, Ali [EMAIL PROTECTED] wrote:
Hi everyone...
can anyone lead me to a good tutorial on authentication...it wud be good if
i can get a one in
Hi everyone...
can anyone lead me to a good tutorial on authentication...it wud be good if
i can get a one in connection with a database..
thnks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ali wrote:
can anyone lead me to a good tutorial on authentication...it wud be good if
i can get a one in connection with a database..
$all_good = query(SELECT valid_user FROM table);
or use Google.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The
Hi guys,
well, I wrote a class for a big project (a framework), and here it is,
I was wondering if someone have any suggestions regarding flexibility
and security.
Course it uses specific framework classes but it's quite understable..
Bruno B B Magalhães wrote:
Hi guys,
well, I wrote a class for a big project (a framework), and here it
is, I was wondering if someone have any suggestions regarding
flexibility and security.
Wow it's the most artistic piece of php i have ever seen.
--
Raditha Dissanayake.
Is this good or bad? heheh!
Regards,
Bruno B B Magalhaes
On Nov 16, 2004, at 3:31 PM, raditha dissanayake wrote:
Bruno B B Magalhães wrote:
Hi guys,
well, I wrote a class for a big project (a framework), and here it
is, I was wondering if someone have any suggestions regarding
flexibility and
I need to require username/password access in two distinct ways.
At one level, I need to protect all files except .php files within a
directory structure. I can do this with htaccess using the FilesMatch
directive.
I also need to serve up database driven content via username/password at
On Tue, 2 Nov 2004 13:48:30 -0500, Kelly Meeks [EMAIL PROTECTED] wrote:
I need to require username/password access in two distinct ways.
PHP Generic Access Control Lists
http://phpgacl.sourceforge.net/
--
Greg Donald
Zend Certified Engineer
http://gdconsultants.com/
http://destiney.com/
Hi, is there a way to authenticate a username/password someone enters in a
form with what is in /etc/passwd?
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi, is there a PHP function or some sort of way to have a user enter their
username and password in a form, and compare the username and password and
see if the username exists and the password is correct?
basically I want to have a page where a person enters their username and
password and if
Hello everybody.
I think this problem there was thousands of times in this forum, as the
archives shows, so you can freely ignore me if I bother you.
I have little auth php base that looks like:
if(cookie)
authcookie();
else if($_POST[uname] $POST[pass])
authuser(); // and sets a
Do you mean using
$file = '/protected/file.pdf';
or using an absolute path on the server?
Best Regards,
Scott
Subject:
Re: [PHP] authentication problems!
From:
Luke [EMAIL PROTECTED]
Date:
Wed, 21 Jan 2004 14:24:11 +1100
To:
[EMAIL PROTECTED]
Yeah, i think i mentioned the same thing
I am about at my wits end trying to find a good solution to this
problem. I've asked various portions of this question to this mail list
and still have not found exactly what it is I am looking for, but here
it goes.
I'm looking for a way to protect my files (this would be pdf files,
image
, 2004 03:17:21 PM -0500
Subject: [PHP] authentication problems!
I am about at my wits end trying to find a good solution to this
problem. I've asked various portions of this question to this mail list
and still have not found exactly what it is I am looking for, but here
it goes.
I'm looking
On Wednesday 21 January 2004 05:49, Scott Taylor wrote:
Please trim your posts!
Of course there is not problem if the user is entering the information
him or her self. But just using this code:
$file = 'http://miningstocks.com/protected/Dec03PostPress.pdf';
//now view the
Yeah, i think i mentioned the same thing(or was going to :/ )
you should be able to use the local filesystem, and reffer to it relatively!
and then you can stream it and you wont need any authentication, and noone
will be able to directly link to the file
--
Luke
Jason Wong [EMAIL PROTECTED]
I currently use a .htaccess file for users to login, and now I need to
make some changes to how the site works.
I need to be able to have the users login, and once that is done the
login needs to be used to pass through the database. And to pull files
from a directory as nobody seems to listen
--- Robert Sossomon [EMAIL PROTECTED] wrote:
I currently use a .htaccess file for users to login, and now I need
to make some changes to how the site works.
I need to be able to have the users login, and once that is done the
login needs to be used to pass through the database.
Search PEAR
Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 11:53 AM
To: Robert Sossomon; [EMAIL PROTECTED]
Subject: Re: [PHP] Authentication
--- Robert Sossomon [EMAIL PROTECTED] wrote:
I currently use a .htaccess file for users to login, and now I need
~~~
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 11:53 AM
To: Robert Sossomon; [EMAIL PROTECTED]
Subject: Re: [PHP] Authentication
--- Robert Sossomon [EMAIL PROTECTED] wrote:
I currently use a .htaccess file for users to login
--- Robert Sossomon [EMAIL PROTECTED] wrote:
I am not trying to authenticate off of a database though. I have
scripts that automatically modify the .htaccess file as I change a
user, so I need to authenticate off the .htaccess file and store
the users information into a cookie. I think from
Duh, OK, Now I REALLY feel stupid. With the current setup using the
.htaccess files and everything I have in place all I needed to do was
get the information from: $_SERVER['PHP_AUTH_USER'] and
$_SERVER['PHP_AUTH_PW']. I kept thinking I had to use PHP to set those
values. Thanks guys!! Works
Chris Shiflett wrote:
A parser is called every time a page is accessed. If no page is
defined, the home page is loaded. Subsequent pages are linked with
http://dictionary.reference.com/search?q=parser
Very amusing.
Okay, dispatcher would probably be a better name. It preps the
environment
Hello,
httpd v1.3.27, php v4.3.0.
I have a web page I wish to restrict access. I prefer to use the
standard apache httpd authentication with .htaccess and password file.
This method does not seem to work with PHP.
A parser is called every time a page is accessed. If no page is
defined,
--- news.php.net [EMAIL PROTECTED] wrote:
I have a web page I wish to restrict access. I prefer to use the
standard apache httpd authentication with .htaccess and password
file. This method does not seem to work with PHP.
This method is independent of the type of resource being used, so it
Hi,
I have some questions. Is it possible to pass login data such
as username and password to the HTTP Basic Authentication
dialog box from PHP? How do you code that?
Is it also possible to get the variable data from the Authentication
dialog once login? I tried putting phpinfo() in an index.php
* Thus wrote BhongOng ([EMAIL PROTECTED]):
Hi,
I have some questions. Is it possible to pass login data such
as username and password to the HTTP Basic Authentication
dialog box from PHP? How do you code that?
I know for sure with Basic authentication you can't.
Is it also possible to
Doug,
On Thursday, July 3, 2003, at 05:42 AM, Doug Essinger-Hileman wrote:
Now I need to learn how to take the incoming message and process it.
I am assuming that the processing can be done by php. Any
suggestions, either on how to do this, or where I might learn how to
do this?
The simple
there's a good example in this article
A Complete, Secure User Login System
by Tim Perdue
http://www.phpbuilder.com/columns/tim2505.php3
olinux
On 2 Jul 2003 at 13:00, Mike Migurski wrote:
You may find it easier to include, in the e-mail,
a
uniquely-generated, limited-time URL
I am in the process of scripting a site which requires
authentication. I've no problems with the scripts allowing folk to
register, login, logout, change password, etc. However, this morning
I've begun to work on providing some security in the form of
preventing someone from registering as
At the point where they fill out the registration form, I am sending them
an email, informing them that they have been registered. On many sites
I've gone to, the process then includes a requirement that the person
reply to the message.
Now I need to learn how to take the incoming message and
On 2 Jul 2003 at 13:00, Mike Migurski wrote:
You may find it easier to include, in the e-mail, a
uniquely-generated, limited-time URL that the person can visit to
verify that they have received the e-mail. This will remove the burden
of having to set up a system that responds to e-mail
I'm using LDAP to authenticate my users. login.php and
any script that requires authentication start off with
the following code:
--
session_start();
if (session_is_registered(valid_user)) {
header( Location: admin.php );
--
The ldap binds as such:
ldap_bind($ds,
Hi,
I am looking for a simple authentication script that uses MySQL. I have
downloaded about 10 of them (most with no instructions on it's use), but
even at that they are not what I need.
When you go to the main page of my site it will ask you to login or signup.
So I want to be able to
Beauford.2002 wrote:
I am looking for a simple authentication script that uses MySQL. I have
downloaded about 10 of them (most with no instructions on it's use), but
even at that they are not what I need.
The PEAR project has 7 different authentication packages, including Auth
which I
At 07:02 02.03.2003, Sunfire said:
[snip]
basic question about www-authenticate header...(least i hop its simple)
i have the code:
?php
header(WWW-Authenticate: basic realm='a realm');
header(HTTP/1.0 402 Unauthorized);//dont understand
//what this line does
how would you show a header message or basically force apache to show an
error page of its own like 401 if someone hits cancle on the php auth header
function?
and i have a line like:
header(WWW-Authenticate: basic realm='a realm name');
//i know what that means look at next line...
hi
basic question about www-authenticate header...(least i hop its simple)
i have the code:
?php
header(WWW-Authenticate: basic realm='a realm');
header(HTTP/1.0 402 Unauthorized);//dont understand
//what this line does
echo you didnt login yet\n; //understand it but want
//something else like a
Hi again,
My problem was about authentication without the default popup, but with
a form that submits the credentials. I still didn't get it to work, so
I'd like to know if anyone has ever done anything like that. I just
can't get it to work right and I'd like to see a working script
thx,
:44
Para: [EMAIL PROTECTED]
Asunto: [PHP] authentication problem
Hi again,
My problem was about authentication without the default popup, but with
a form that submits the credentials. I still didn't get it to work, so
I'd like to know if anyone has ever done anything like that. I just
can't get
I don't think the process is an extra step at all. In fact, it's just a
trade off using one or the other. You can either login using php and a
database backend or just authenticate using .htaccess directives.
In my case (a few months back) what I was trying to do was offer up a
single login page
[EMAIL PROTECTED] schrieb:
I don't think the process is an extra step at all. In fact, it's just a
trade off using one or the other. You can either login using php and a
database backend or just authenticate using .htaccess directives.
snip
On Mon, 3 Feb 2003, Chris Shiflett wrote:
Goetz Lohmann schrieb:
[EMAIL PROTECTED] schrieb:
I don't think the process is an extra step at all. In fact, it's just a
trade off using one or the other. You can either login using php and a
database backend or just authenticate using .htaccess directives.
snip
On Mon, 3 Feb 2003,
I have a question that maybe someone could answer.
If you by chance come across a secure area that prompts the username and
passcode to a folder, how I can PHP to automagically add them in later on?
Also, instead of that dialogue popping up, is there a way you can add your
own via HTML form and
--- Chris Winters [EMAIL PROTECTED] wrote:
If you by chance come across a secure area that prompts
the username and passcode to a folder
Can you rephrase that? I can't tell what you are talking
about. Does a separate window pop up prompting for a
username and password, or is this part of the
as
well. The search query php password protect on Google Groups yeilded 3400
results alone.
Good luck,
-Kevin
- Original Message -
From: Chris Winters [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 03, 2003 10:31 AM
Subject: [PHP] authentication
I have a question that maybe
Sorry about that.
What I meant was for example, sometimes I come across protected sites that
require a username and passcode. So, if one was to protect a directory or
folder, a regular dialog will appear for username and passcode prompt within
the web browser. I was researching some variables
--- Chris Winters [EMAIL PROTECTED] wrote:
So, if one was to protect a directory or folder, a
regular dialog will appear for username and passcode
prompt within the web browser. I was researching some
variables that I came across which is called
$PHP_AUTH_USER, $PHP_AUTH_PW, and
Chris,
Exactly. I am relying on the webserver to provide the restrictions.
Now my next question:
what functions should I utilize or come close to to do it? There isnt any
PHP pages directed towards teh directory itself. Its is just a hard link to
the protected areas. Are there any functions that
There is a way to supposedly do this by authenticating a username and
password through php first through such methods as database lookups and
then passing the username and password through $PHP_AUTH_USER and
$PHP_AUTH_PW using the header() command to point to the URL of the
.htaccess protected
I'm sorry the line should have been...
header(Location:http://$PHP_AUTH_USER:$[EMAIL PROTECTED];);
Ed
On Mon, 3 Feb 2003 [EMAIL PROTECTED] wrote:
There is a way to supposedly do this by authenticating a username and
password through php first through such methods as database lookups and
There is a way to supposedly do this by authenticating
a username and password through php first through such
methods as database lookups and then passing the
username and password through $PHP_AUTH_USER and
$PHP_AUTH_PW using the header() command to point to the
URL of the .htaccess
Read this:
http://www.php.net/features.http-auth
Regards,
Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Justin,
Thanks for that link, looks pretty interesting. I'll take a closer read later.
Cheers,
Jord
--
Jordan Elver
Eagles may soar high, but weasels don't get sucked into jet engines. -- David
Brent (The Office)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Hi,
I'm about to start a new project which will require a login system. The system
should allow for different types of access on a per page basis. I'm going to
achieve the login system using sessions, which I have done before.
My problem is that I don't want to have to do much login checking on
://www.devarticles.com/art/1/262
http://www.devarticles.com/art/1/285
http://www.devarticles.com/art/1/323
Part six isn't up yet so check back to the same site later...
- Original Message -
From: Jordan Elver [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 14, 2003 3:07 PM
Subject: [PHP
on 15/01/03 7:07 AM, Jordan Elver ([EMAIL PROTECTED]) wrote:
Hi,
I'm about to start a new project which will require a login system. The system
should allow for different types of access on a per page basis. I'm going to
achieve the login system using sessions, which I have done before.
My
I have a site that uses PHP/MySQL authentication for one section and
Apache/HTTP authentication for another. Eventually I would like to use only
PHP and MySQL for authenticating users, but in the meantime, I have to use
both.
First, users will log in to the main section of the site and I
I am curious what method of authentication is preferred by people on
this list. Are you using PHP scripts for authentication and limiting
access, or are you using HTTP header info. Maybe it is best to use
both.
For my sites I usually store user info in a database and use php and
sessions to
Jackson,
It really depends on what you are wanting to protect, but in most cases,
it is better to use a homegrown solution.
If you are interested in why I say this, read on ...
HTTP authentication has two breeds, basic and digest. With basic, the
*authentication* credentials (e.g., name and
Hi
I have installed PHP on a Windows NT Server 4.0 and it works (almost) fine!
The thing is that I get the Enter network password - prompt when I first
go to a PHP-file. Not if I go to an ASP file.
So if I just hit enter in the prompt, I get in to the PHP-page and can
continue surfing.
I guess
I have a user authentication system using sessions
it checks username and password against a database.
if correct it sets a variable in the session cookie (via $_SESSION) and
redirects to the protected page which checks for that variable.
if the user/pass is wrong it redirects to an error page.
Dear Richard,
Again thank you for your reply. I'm sorry to keep bothering you. Please
tell me when to stop.
Let me explain what I'm trying to do and maybe you'll point me in the right
direction.
I'm developing a paid Web site for business courses. Some pages will be
available to all
Have a look at Kevin Yank's article on sitepoint.com called something like
restricting page access with php and mysql.
It formed the basis of my user and session management.
Basically, you should be re-checking your username and password on every
page, so it shouldn't be too hard to extend this
On my site, when a user logs in, their password is encrypted using md5() and
the username and encrypted password is then passed from page to page using
hidden form inputs (clicking on a link submits the form using POST).
Does anyone have any comments on this method e.g. security wise? I know I
1 - 100 of 168 matches
Mail list logo
