Hi, Monday, October 20, 2003, 10:09:42 AM, you wrote: RA> Hi, RA> We have a site that runs a kind of membership section. RA> When a person logs in we have his username + 3 variables in session, the 3 RA> variables are used for background processing and are never disclosed to the RA> client, all 3 variables contain 1 or 2 digit numbers.
RA> Somehow 1 person has found out about them and is creating havoc with that RA> damn account by changing those variables to differient numbers...any idea RA> how he is doing that? We can ask him to stop but that does not solve the RA> problem.... how can we stop him by making changes on our server or what to RA> do? RA> Please HEAAAAAALP (help) RA> Cheers, RA> -Ryan encrypt the numbers and decrypt them before use, if they wont decrypt to a nuber ditch the connection. If you need a class for that I can send it to you -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
