Re: [PHP] One-page password-protected file

2006-10-23 Thread Dotan Cohen
On 24/10/06, Richard Lynch <[EMAIL PROTECTED]> wrote: Can't you just use $_SESSION ? Or is that also out? Once the user is authenticated, $_SESSION['username'] = $username; and you're done. No passing passwords, hashed or not, back and forth. Somebody can still hijack the session, but you ga

Re: [PHP] One-page password-protected file

2006-10-23 Thread Richard Lynch
On Mon, October 23, 2006 2:41 am, Dotan Cohen wrote:
> On 23/10/06, David Tulloh <[EMAIL PROTECTED]> wrote:
>> Breaking this down you have a hardcoded password.
>> In the script you store a hash of the password rather than the
>> actual
>> password.
>
> Yes, no choice but to have the password in th

Re: [PHP] One-page password-protected file

2006-10-23 Thread Dotan Cohen
On 23/10/06, Jochem Maas <[EMAIL PROTECTED]> wrote: Dotan Cohen wrote: ... > Thanks for any and all input. // here is a completely different way of doing it: function setSimplePageProtectionDetails($login, $pwd, $makeSha1Hash = false) { if (!defined('SIMPLE_AUTH_PW') && !defined('SIMPLE_

Re: [PHP] One-page password-protected file

2006-10-23 Thread Jochem Maas
Dotan Cohen wrote: ... > Thanks for any and all input. // here is a completely different way of doing it: function setSimplePageProtectionDetails($login, $pwd, $makeSha1Hash = false) { if (!defined('SIMPLE_AUTH_PW') && !defined('SIMPLE_AUTH_USER')) { if (!$login || !$pwd) {

Re: [PHP] One-page password-protected file

2006-10-23 Thread David Tulloh
Breaking this down you have a hardcoded password. In the script you store a hash of the password rather than the actual password. Upon first access you take a hash of the password and compare it against your stored hash. If it's a match you have an authentic user. The authentic user is then supp

Re: [PHP] One-page password-protected file

2006-10-23 Thread Dotan Cohen
On 23/10/06, David Tulloh <[EMAIL PROTECTED]> wrote: Breaking this down you have a hardcoded password. In the script you store a hash of the password rather than the actual password. Yes, no choice but to have the password in the file. I can't include() anything, and no mysql. So, only hashed w

[PHP] One-page password-protected file

2006-10-21 Thread Dotan Cohen
I'm in the horrible situation where I need a one-page script to hold its own password and validate itself. I coded this together, I want this list's opinion as to whether or not it holds water, considering the circumstance: The idea is that the user could call the page like this: http://server.