Mailit, LLC a écrit :
$userName = $_POST[userName];
$passw= $_POST[passw];
(...)
$cmd = "SELECT * FROM theTable "
. "WHERE userName='$userName' ";
$res = mysql_query( $cmd ) or die( "Password search failed." );
Without validating userName in $_POST, that code is vulnerable
--- Begin Message ---
Here is the setup that I have used.
Please, adapt to your needs.
Table 'theTable' is supposed to contain columns fname, mname, lname
and ePass (encrypted password). The crypt() function produces a password
that
cannot be decrypted and really works well.
Of course, you need t
Kevin,
I'm having some issues with my email client right now so I'm sorry if
you've already found the answer. There is a way for PHP to do this
without the need to modify your web server's configuration or bothering
with .htaccess/ .htpasswd files by simply modifying the http headers
that your
Kevin Javia wrote:
I am experimenting on my site and I want to make it password protected like
www.realsolution.com.
http://www.zend.com/zend/tut/authentication.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Wed, 2005-02-16 at 21:31, Kevin Javia wrote:
> I am experimenting on my site and I want to make it password protected like
> www.realsolution.com.
>
> If any one enters correct user name and password, only then they will be
> able to enter into my site.
>
> How can I do that in PHP?
>
> Any i
I am experimenting on my site and I want to make it password protected like
www.realsolution.com.
If any one enters correct user name and password, only then they will be
able to enter into my site.
How can I do that in PHP?
Any ideas? Thanks a ton in advance.
--
PHP General Mailing List (http
Greetings,
I'm working on a project that involves a password protected area of a
website. Some one also involved brought up the point that this area should
be secure (Whit the lock icon indicating it is encrypted).
In this particular project the password protected area will be a quote
generating
.
Do a seach on Google for 'SSL' and start reading :)
- James
> -Original Message-
> From: Bill Rausch [mailto:[EMAIL PROTECTED]]
> Sent: January 25, 2001 4:54 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] password protection
>
>
> Hi all,
>
> This
Hi all,
This isn't strictly a PHP issue but is quite related. Given that you have
a PHP-driven web site with user authorization and session identifiers etc.,
what can you do to prevent electronic "snooping" of the clear text password
that is passed from the browser to the server? When filling o
9 matches
Mail list logo
