On 24/10/06, Richard Lynch [EMAIL PROTECTED] wrote:
Can't you just use $_SESSION ?
Or is that also out?
Once the user is authenticated, $_SESSION['username'] = $username; and
you're done.
No passing passwords, hashed or not, back and forth.
Somebody can still hijack the session, but you
On 23/10/06, David Tulloh [EMAIL PROTECTED] wrote:
Breaking this down you have a hardcoded password.
In the script you store a hash of the password rather than the actual
password.
Yes, no choice but to have the password in the file. I can't include()
anything, and no mysql. So, only hashed
Breaking this down you have a hardcoded password.
In the script you store a hash of the password rather than the actual
password.
Upon first access you take a hash of the password and compare it against
your stored hash. If it's a match you have an authentic user.
The authentic user is then
Dotan Cohen wrote:
...
Thanks for any and all input.
// here is a completely different way of doing it:
function setSimplePageProtectionDetails($login, $pwd, $makeSha1Hash = false)
{
if (!defined('SIMPLE_AUTH_PW') !defined('SIMPLE_AUTH_USER')) {
if (!$login || !$pwd) {
On 23/10/06, Jochem Maas [EMAIL PROTECTED] wrote:
Dotan Cohen wrote:
...
Thanks for any and all input.
// here is a completely different way of doing it:
function setSimplePageProtectionDetails($login, $pwd, $makeSha1Hash = false)
{
if (!defined('SIMPLE_AUTH_PW')
On Mon, October 23, 2006 2:41 am, Dotan Cohen wrote:
On 23/10/06, David Tulloh [EMAIL PROTECTED] wrote:
Breaking this down you have a hardcoded password.
In the script you store a hash of the password rather than the
actual
password.
Yes, no choice but to have the password in the file. I
I'm in the horrible situation where I need a one-page script to hold
it's own password and validate itself. I coded this together, I want
this lists opinion as to whether or not it holds water, considering
the circumstance:
?php
$sha1_pw=5218lm849l394k1396dip4'2561lq19k967e'30;
if (
7 matches
Mail list logo
