Hi,
On every request you have to check access rights.
So you need access rights. Something like this:
rights table
page_id
user_login
right_type
select right_type from rights_table
where page_id = '".$PHP_SELF."'
and user_login ='".$_SESSION['user_login']."'
if this query returns something, your c
Alain Roger wrote:
I already started to use SSL, but I do not understand how to keep it
running.
I mean after user has been authenticated and authorized to go further,
all next web pages are opened using PHP location(https://...); command.
However, it does not certify that it cannot be faked
On Monday, 2007. 03. 5, at 15.05, Alain Roger wrote:
> I already started to use SSL, but I do not understand how to keep it
> running.
>
> I mean after user has been authenticated and authorized to go further, all
> next web pages are opened using PHP location(https://...); command.
> ho
I already started to use SSL, but I do not understand how to keep it
running.
I mean after user has been authenticated and authorized to go further, all
next web pages are opened using PHP location(https://...); command.
However, it does not certify that it cannot be faked by just typing into
br
But where do you store the $server_unique_key?
In the DB?
If yes, it should be different for each user logged in to the system.
Moreover, the $check_string algorithm should not be written in the cookie, as it is a
weakness from my point of view.
Alain
On 3/4/07, Tijnema ! <[EMAIL PROTECTED]> wrote:
Give you
Tijnema ! wrote:
On 3/4/07, Stut <[EMAIL PROTECTED]> wrote:
Tijnema ! wrote:
> Give your server a unique ID, and add that to your check string let's say
> so you store in your cookie the username and the check string.
>
> example
> $user = "tijnema";
> $server_unique_key =
> "w#$#%#54dfa4vf4w5
On 3/4/07, Stut <[EMAIL PROTECTED]> wrote:
Tijnema ! wrote:
> Give your server a unique ID, and add that to your check string let's say
> so you store in your cookie the username and the check string.
>
> example
> $user = "tijnema";
> $server_unique_key =
> "w#$#%#54dfa4vf4w5$2!@@$
> ";
> $check
Tijnema ! wrote:
Give your server a unique ID, and add that to your check string let's say
so you store in your cookie the username and the check string.
example
$user = "tijnema";
$server_unique_key =
"w#$#%#54dfa4vf4w5$2!@@$
";
$check_string = md5($server_unique_key.$user.$server_unique_key);
Alain Roger wrote:
Ok, but I would be very glad to know how can I REALLY authenticate the
user.
For example, user is logged, so I have in the cookie his login name.
How can I be sure that it's the same user and not some hacker who hacked
the cookie and the session?
what should be checked and
Give your server a unique ID, and add that to your check string let's say
so you store in your cookie the username and the check string.
example
$user = "tijnema";
$server_unique_key = "w#$#%#54dfa4vf4w5$2!@@$
";
$check_string = md5($server_unique_key.$user.$server_unique_key);
and check that each
Ok, but I would be very glad to know how can I REALLY authenticate the user.
For example, user is logged, so I have in the cookie his login name.
How can I be sure that it's the same user and not some hacker who hacked the
cookie and the session?
what should be checked and where those data shoul
On 3/4/07, Stut <[EMAIL PROTECTED]> wrote:
Alain Roger wrote:
> I would like to implement a module access rights in my web application.
> Basically after authentication and authorization. Logged user has a
> particular profile which allows him to have access to some part of the web
> application.
Hi,
Do not worry, I will not store a password in a cookie.
It is stored encrypted in the database.
Al.
On 3/4/07, Stut <[EMAIL PROTECTED]> wrote:
Alain Roger wrote:
> I would like to implement a module access rights in my web application.
> Basically after authentication and authorization. Logg
Alain Roger wrote:
I would like to implement a module access rights in my web application.
Basically after authentication and authorization. Logged user has a
particular profile which allows him to have access to some part of the web
application.
After reading the security guide from *php*sec.org
Hi,
I would like to implement a module access rights in my web application.
Basically after authentication and authorization. Logged user has a
particular profile which allows him to have access to some part of the web
application.
After reading the security guide from *php*sec.org webpage, I'm c
15 matches