Mailit, LLC wrote:
$userName = $_POST[userName];
$passw= $_POST[passw];
(...)
$cmd = "SELECT * FROM theTable "
. "WHERE userName='$userName' ";
$res = mysql_query( $cmd ) or die( "Password search failed." );
Without validating userName in $_POST, that code is vulnerable
--- Begin Message ---
Here is the setup that I have used.
Please, adapt to your needs.
Table 'theTable' is supposed to contain columns fname, mname, lname
and ePass (encrypted password). The crypt() function produces a password
that cannot be decrypted and really works well.
Of course, you need t
Kevin,
I'm having some issues with my email client right now so I'm sorry if
you've already found the answer. There is a way for PHP to do this
without the need to modify your web server's configuration or bothering
with .htaccess/ .htpasswd files by simply modifying the http headers
that your
Kevin Javia wrote:
I am experimenting on my site and I want to make it password protected like
www.realsolution.com.
http://www.zend.com/zend/tut/authentication.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Wed, 2005-02-16 at 21:31, Kevin Javia wrote:
> I am experimenting on my site and I want to make it password protected like
> www.realsolution.com.
>
> If any one enters correct user name and password, only then they will be
> able to enter into my site.
>
> How can I do that in PHP?
>
> Any i
The only way to keep a password secure between the client and server is to
use a Secure Socket Layer (SSL) to create an encrypted channel of
communication between the client and server. You can see this in practice
over at Sourceforge.net. They use PHP over an SSL connection to handle user
logins.