Edmund Hertle wrote:
Hey,
I've got 2 server, both having the same authentication scripts and using the
same database. My problems are:
1.: User logs in on server1 -> trys to use a part of the site which is
physically located on server2 -> has to login again on server2
2.: There is a wiki on serv
On Fri, Mar 6, 2009 at 5:14 PM, Paul Scott wrote:
> On Fri, 2009-03-06 at 10:09 +0100, Edmund Hertle wrote:
>
>> The only method which possibly could work and came to my mind was using
>> somehow $_GET parameter for username and password (encrypted).
>
> Set a cookie and crypt that (RC4 works well
On Fri, 2009-03-06 at 10:09 +0100, Edmund Hertle wrote:
> The only method which possibly could work and came to my mind was using
> somehow $_GET parameter for username and password (encrypted).
Set a cookie and crypt that (RC4 works well) and then check for the
cookie on both sites. Kind of like
On Tue, April 11, 2006 10:31 am, Alain Roger wrote:
> i have MySQL with 2 users in the "mysql" database which are root and
> uimmense.
> i suppose that what i see in the password field is the sha1 crypted
> password.
>
> is it correct or not ?
It could be SHA1, or it could be something else...
I
[snip]
i'm sure that it's a stupid question but i would like to have your
feedback
on it.
i have MySQL with 2 users in the "mysql" database which are root and
uimmense.
i suppose that what i see in the password field is the sha1 crypted
password.
is it correct or not ?
but lets continue...
in f
> i do not see really realistic if everytime that a new user is
> registered to
> my application, i have to create him a profile for MySQL database.
Is there a reason you need to have each user login into mysql individually?
Most often a single login is used for the script to log into the databa
Good advice! Thanks!
Jeff
> -Original Message-
> From: Chris Shiflett [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 03, 2003 5:19 PM
> To: Jeff McKeon; php
> Subject: RE: [PHP] User Authentication Continued
>
>
> > --- Jeff McKeon <[EMAIL P
> --- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> > $query="SELECT * from tickets where VesselID='$_GET['vesselid']'
> > order by Status DESC, Created ASC";
>
> $query = "select * from tickets where vesselid = '{$_GET['vesselid']}'
> order by status desc, created asc";
>
> Note the curly b
One more mystery solved.
Thanks one and all
Jeff
> -Original Message-
> From: Robert Cummings [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 03, 2003 4:55 PM
> To: Jeff McKeon
> Cc: PHP-General; [EMAIL PROTECTED]
> Subject: RE: [PHP] User Authen
* Thus wrote Jeff McKeon ([EMAIL PROTECTED]):
> Actually, here's the problem I get with using global variables in a
> mysql_query string..
>
> [error begin]
> PHP Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE,
> expecting T_STRING or T_VARIABLE or T_NUM_STRING
> [error end]
>
>
On Fri, 2003-10-03 at 16:44, Jeff McKeon wrote:
> Actually, here's the problem I get with using global variables in a
> mysql_query string..
>
> [error begin]
> PHP Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE,
> expecting T_STRING or T_VARIABLE or T_NUM_STRING
> [error end]
>
--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> $query="SELECT * from tickets where VesselID='$_GET['vesselid']'
> order by Status DESC, Created ASC";
$query = "select * from tickets where vesselid = '{$_GET['vesselid']}'
order by status desc, created asc";
Note the curly braces.
Hope tha
e VesselID='$_GET['vesselid']' order
by Status DESC, Created ASC";
[code end]
Jeff
> -Original Message-
> From: Chris Shiflett [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 03, 2003 3:45 PM
> To: Jeff McKeon; php
> Subject: Re: [PHP] User Authentica
--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> The problem I'm having is with the $_GET variables. I guess I'm not
> declaring them correctly. Do I need to set them as soon as the page
> loads, and outside of any functions like so..
>
> [code start]
> $custid = $_GET['custid'];
> $custname = $_GET['
I guess you would either need to make the vars global or else keep
redeclaring them. Obviously, redeclaring them in each function
$var=$_GET["whatever"] is technically the more secure method.
Kris
Jeff McKeon wrote:
Ok,
I've got the user authentication thing down and now I'm continuing to
bu
M
> To: Jeff McKeon; php
> Subject: RE: [PHP] User authentication
>
>
> --- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> > Well both variables $userid and $userpassword are bounced off of a
> > user database table, if the username/password don't match then the
--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> Well both variables $userid and $userpassword are bounced off of a
> user database table, if the username/password don't match then the
> session variables are cleared with a session_destroy() call. Is that
> a good enough validation?
Yes, as long as y
> --- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> > $_SESSION['userid'] = $userid;
> > $_SESSION['userpassword'] = $userpassword;
>
> [snip]
>
> > Anything look wrong or insecure with all of this?
>
> The only thing that catches my attention is your assignments
> for $_SESSION['userid'] and $_SE
--- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> $_SESSION['userid'] = $userid;
> $_SESSION['userpassword'] = $userpassword;
[snip]
> Anything look wrong or insecure with all of this?
The only thing that catches my attention is your assignments for
$_SESSION['userid'] and $_SESSION['userpassword'].
Hi,
> Then when any new page loads it first checks to see if the user has a
> "CanEdit" value of "1", if not it boots them back to the page they came
> from, if so it runs a query to check their idle timestamp and subtrack
> it from the current unixtimestamp to find the difference. If it's
> grea
> Hi,
>
> > > (2) I would advise not mixing $_SESSION and
> > > session_register() -- it's problematical in some situations. Just
> > > stick to using the $_SESSION array.
> >
> > I'm not quite sure what you mean here, can you give an example or
> > elaborate. Sorry, real newbie here... :o)
>
include"punctuation";
Jeff
> -Original Message-
> From: Didier McGillis [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 02, 2003 2:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] User authentication
>
>
> for those of you who are writing a
for those of you who are writing apps and looking at this and you have
customers adding things to their session such as a cart or something else
and you destroy the session the information that they were keeping in their
session would be lost so if you dont want pissed off customers calling
say
Hi,
> > (2) I would advise not mixing $_SESSION and
> > session_register() -- it's problematical in some situations.
> > Just stick to using the $_SESSION array.
>
> I'm not quite sure what you mean here, can you give an example or
> elaborate. Sorry, real newbie here... :o)
$_SESSION['u
Hi,
> So when a user logs in you write a user_id and datestamp to a field in
> your sessions table. Every time the person accesses a page you update
> the datestamp in that record. Then you run a function that checks every
> X minutes if the timestamp is older than X minutes and if so you log th
On Friday 03 October 2003 01:59, Jeff McKeon wrote:
> So when a user logs in you write a user_id and datestamp to a field in
> your sessions table. Every time the person accesses a page you update
> the datestamp in that record. Then you run a function that checks every
> X minutes if the timest
> Hi,
>
> > What is stored in the date_out column? Is that one of the
> colums in
> > your own created table or a standard one?
>
> That's the SQL table that I use to track sessions. Its
> one I created. I have a functon that does a simple SQL query:
>
> SELECT date_out FROM se
On Friday 03 October 2003 01:50, Jeff McKeon wrote:
> > (2) I would advise not mixing $_SESSION and
> > session_register() -- it's problematical in some situations.
> > Just stick to using the $_SESSION array.
>
> I'm not quite sure what you mean here, can you give an example or
> elaborate. Sorr
>
> On 02 October 2003 17:27, Jeff McKeon wrote:
>
> > Ok,
> >
> > I've got a login page that has these funtions to set the userid and
> > password to session variables
> >
> > [code start]
> > session_start();
> > if(!isset($userid)) {
> > login_form();
> > ex
Hi,
> (1) I don't see a session_start() on the second page (unless it's in
> register_functions.php?).
Old habbits die hard. You have no idea how many times I forget to put this
at the top of a page. Thanks for pointing that out.
-Dan Joseph
--
PHP General Mailing List (http://www.ph
On 02 October 2003 17:27, Jeff McKeon wrote:
> Ok,
>
> I've got a login page that has these funtions to set the userid and
> password to session variables
>
> [code start]
> session_start();
> if(!isset($userid)) {
> login_form();
> exit;
> }
> else {
>
Hi,
> The problem is that the $_SESSION['userid'] doesn't return anything on
> this page..
> Am I not calling the session variable correctly or not storing it
> correctly?
> In my php.ini I have globals turned off. Does this effect it?
Hi, yeah, its my understanding (and someone can corr
xit;
}
else echo "welcome, $username!";
}
[code end]
I then have a simple test page with the following code...
[code start]
-Original Message-
> From: Dan Joseph [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 02, 2003 11:39 AM
> To: php
> Subject:
Hi,
> What is stored in the date_out column? Is that one of the colums in
> your own created table or a standard one?
That's the SQL table that I use to track sessions. Its one I created. I
have a functon that does a simple SQL query:
SELECT date_out FROM sessions WHERE user_i
* Thus wrote Dan Joseph ([EMAIL PROTECTED]):
> Hi,
>
> > That's great help and exactly what I'd like to do timeouts and all. I
> > now just need to figure out he mechanics of the code for it and get a
> > better understanding of sessions. I'm thinking in the user table I'll
> > have a bunch of b
What is stored in the date_out column? Is that one of the colums in
your own created table or a standard one?
Jeff
> -Original Message-
> From: Dan Joseph [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 02, 2003 11:34 AM
> To: php
> Subject: RE: [PHP] User authentica
Thanks for the advise! It's a big help.
I'll go play now and come back with more intelligent questions later!
Jeff
> -Original Message-
> From: Dan Joseph [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 02, 2003 11:32 AM
> To: Jeff McKeon; Dan Joseph; php
>
Hi,
> How do you check for idle? I suppose there is a built in variable that
> you check against the value in the table. How do I pull up or refer to
> session variables?
Additionally, I also check to see if the date_out column in my sessions
table is -00-00 00:00:00, if not, I boot
Hi,
> That's great help and exactly what I'd like to do timeouts and all. I
> now just need to figure out he mechanics of the code for it and get a
> better understanding of sessions. I'm thinking in the user table I'll
> have a bunch of boolean fields for different permissions that apply to
> d
eck against the value in the table. How do I pull up or refer to
session variables?
Thank,
Jeff
> -Original Message-
> From: Dan Joseph [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 02, 2003 11:15 AM
> To: php
> Subject: RE: [PHP] User authentication
>
>
>
Hi,
> I'm not quite sure how to do this however so I'm looking for advise to
> point me in the right direction. I suspect, that once validated via the
> login page, I need to store the users permissions in a session variable
> and then before each page loads, check to see if the page's permission
i have changed the code to:
//register the session variables
$_SESSION['ses_name'] = mysql_result($result, 0, "User_Name");
$_SESSION['ses_pass'] = mysql_result($result, 0, "User_Password");
$_SESSION['ses_level'] = mysql_result($result, 0, "User_Type");
but if i try to log in again the ses
i have changed the code to:
"Olinux" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> use:
> $_SESSION['ses_name'] = 'something';
> $_SESSION['ses_pass'] = 'something';
> $_SESSION['ses_level'] = 'something';
>
> instead of:
> > session_register("ses_name");
> > session_register("ses_
--- shaun <[EMAIL PROTECTED]> wrote:
...
> > > $ses_name = $suser_name;
> > > $ses_pass = $suser_password;
> > > $ses_level = $stype_level;
> > >
> > > session_register("ses_name");
> > > session_register("ses_pass");
> > > session_register("ses_level");
> >
> > This is the mome
use:
$_SESSION['ses_name'] = 'something';
$_SESSION['ses_pass'] = 'something';
$_SESSION['ses_level'] = 'something';
instead of:
> session_register("ses_name");
> session_register("ses_pass");
> session_register("ses_level");
All $_SESSION entries are automatically registered.
See the following
"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- shaun <[EMAIL PROTECTED]> wrote:
> > Using the following code I am able to authenticate which type of user is
> > visiting my page, however if I try to log in again with a different type
of
> > user the session vari
--- shaun <[EMAIL PROTECTED]> wrote:
> Using the following code I am able to authenticate which type of user is
> visiting my page, however if I try to log in again with a different type of
> user the session variables still assume that the original user was logged
> in, is there a way to reset the
On Wednesday 05 June 2002 10:05, Analysis & Solutions wrote:
> Hi Jule:
>
> On Tue, Jun 04, 2002 at 09:48:36PM -0400, Jule Slootbeek wrote:
> > What is the best way for user authentication (now i'm talking about the
> > most secure and easiest way).
> > Now i've been using sessions, and i was wond
Hi Jule:
On Tue, Jun 04, 2002 at 09:48:36PM -0400, Jule Slootbeek wrote:
>
> What is the best way for user authentication (now i'm talking about the
> most secure and easiest way).
> Now i've been using sessions, and i was wondering if cookies were better
> and easier...
Regardless of what you
John Holmes wrote:
> Sessions use cookies as it is...so what do you really want to do...what
> do you want to protect?
>
> ---John Holmes...
>
>
Oh ok, that explains it then...
Well thanks for the info anyway. I was basically just wondering which
method was reccommended..
Jule
--
J
id in the querystring or post of each page.
Regards
Jarrad Kabral
-Original Message-
From: John Holmes [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 5 June 2002 11:48 AM
To: [EMAIL PROTECTED]; 'php-general'
Subject: RE: [PHP] User Authentication
Sessions use cookies as it is
Sessions use cookies as it is...so what do you really want to do...what
do you want to protect?
---John Holmes...
> -Original Message-
> From: Jule Slootbeek [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 9:49 PM
> To: php-general
> Subject: [PHP] User Authentication
>
> Hey
To solve this problem, I store some variables in a session, and at the
beginning of each page that needs to be secure in my site, I check to see if
the session variable is set (usually $userid), if not I redirect the user
back to the logon page. At least two things will cause the variable to be
m
On Saturday 30 March 2002 02:24, Omland Christopher m wrote:
> So this will work it regonizes a real user vs. a fake on I do. But I don't
> understand whats to stop someone from directly linking to a protected
> page? For example why couldn't someone just go directly to
> ./about.php.
You're
"Paul Burney" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> on 12/16/01 12:58 PM, Daniel Grace at [EMAIL PROTECTED] wrote:
>
> > Anyways, though the 401 part works and actually brings up the typical
"Enter
> > Username/Password" box, $PHP_AUTH_USER and $PHP_AU
on 12/16/01 12:58 PM, Daniel Grace at [EMAIL PROTECTED] wrote:
> Anyways, though the 401 part works and actually brings up the typical "Enter
> Username/Password" box, $PHP_AUTH_USER and $PHP_AUTH_PW are not being set.
> There are no .htaccess files in the directory (or any parent dirs for that
>
Caveat: Don't forget to escape user input before sending to SQL. Those samples leave
that part to your imagination. Bad guys might take advantage of that :)
> http://www.google.com/search?q=php+mysql+user+authentication&b
tnG=Google+Search
>
> First hit's a winner :)
>
>
--
PHP General M
http://www.google.com/search?q=php+mysql+user+authentication&btnG=Google+Search
First hit's a winner :)
Damien Burke wrote:
> Hi,
>
> Can anyone recommend a good place on the web to learn about user
> authentication.
> I want users of my site to login with a username & password - once they are
s [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 31, 2001 3:06 AM
> To: Johnson, Kirk
> Cc: PHP General List
> Subject: Re: [PHP] User Authentication against remote authentication
> serve r [ LDAP ]
>
>
> On Mon, Oct 29, 2001 at 04:54:37PM -0700, Johnson, Kirk wrote
On Mon, Oct 29, 2001 at 04:54:37PM -0700, Johnson, Kirk wrote:
> Thanks for the link, Kurt. Can you also point to any authentication code
> examples, or further discussion? The user comments in the manual suggest
> there are at least a couple ways to code stuff, ldap_compare vs ldap_bind.
> Any ad
age-
> From: Kurt Lieber [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 29, 2001 3:58 PM
> To: PHP General List
> Subject: Re: [PHP] User Authentication against remote authentication
> server [ LDAP ]
>
>
> > However, if the authentication server is not the web
> se
> However, if the authentication server is not the web server, instead,
> it is a remote independent server. How can we manage the user
> authentications at the web server side?
Use LDAP.
http://www.php.net/manual/en/ref.ldap.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscri
may be you can write a script (perl/php/*) which try to check/log/whatever
on the remote user sending a login/password, so if it returns ok yo can use
it to deny/allow the access to your local webserver.. it's like a kind of
authentication proxy
- Original Message -
From: "Zhu George-C
Hi there:
We have this functionality built into our core framework
with our custom session handling. The basic premise is that you don't
store a
1/0 in a 'logged in' flag, but store the session key with the username.
When someone logs in, assign their session key to that username. The
previ
try :
http://www.zend.com/zend/tut/authentication.php
regards,
philip
On Wed, 9 May 2001, Jerry Lake wrote:
> Does anyone know of a good user authentication/sessions
> tutorial for php 4? I've looked through the ones at phpbuilder
> and they are not quite as in-depth as I would like.
>
> J
Try this, it works for me.
Mike
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"User Database\"");
Header("HTTP/1.0 401 Unauthorized");
echo "ERRORYou must enter a correct username and password
in order to proceed\n";
exit;
}
else {
>Is there a way with PHP to use the Windows NT or Windows 2000
authentication
>information. So it can compare the username and password entered with
>either the cached information or the user information from the NT server...
>This is for an intranet setup... Has anyone tried this kind of thing?
67 matches
Mail list logo
