Examined settings, reassured that all cookies were being allowed; still did not work.
"Dash McElroy" <[EMAIL PROTECTED]> wrote in message ABA3F1F1A223D411BE6C006008A6F7E260427C@MSX1-PTON">news:ABA3F1F1A223D411BE6C006008A6F7E260427C@MSX1-PTON... > By any chance, does the broser have cookies disabled? I know when a session > can't go to a cookie, it goes to the URL. > > -Dash > > -----Original Message----- > From: Brian Graham [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 24, 2002 12:27 AM > To: [EMAIL PROTECTED] > Subject: [PHP-WIN] Get/Post and Security Issues > > > Apache 1.3.26 > PHP 4.2.1 > > When I enter username and password information onto a page, it uses Get and > puts the session ID along with the username and the password into the URL, > despite my saying "method=post" in the form attributes. > > This seems like it would be a common problem, but my research isn't bringing > up anything even remotely about it. > > I've done very, very little tweaking to my php.ini and httpd.conf to give > you an idea of what defaults are in place still. Here is the function code: > > function user_login() { > global $usern; > global $userp; > global $feedback; > global $loginswitch; > if (!isSet($usern) && !isSet($userp)) > return FALSE; > if ($usern == '' or $userp == '') { > $loginswitch = FALSE; > $feedback = "Username and/or password is missing."; > return FALSE; > } > $uname = strtolower($usern); > $query = "SELECT user_name, user_pass, user_isconfirmed > FROM user > WHERE user_name = '$usern' > AND user_pass = '$userp'"; > $results = mysql_query($query) or die(mysql_error()); > $row = mysql_fetch_row($results); > if ($usern == $row[0] && $userp == $row[1]) { > $_SESSION['loginswitch'] = TRUE; > $_SESSION['username'] = $usern; > $feedback = "You are now logged in."; > return TRUE; > } > else { > $_SESSION['loginswitch'] = FALSE; > $feedback = "Username of password are incorrect."; > return FALSE; > } > } > > > > > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
