A problem I can't seem to get around


JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

I don't think that just calling $username would work unless register_globals is on. You would need to call it using $_SESSION['username'].

Mark
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

this thread > saved for later reading

thank you bech, always helping us n00bs :oops:

cheers mate
JayBird

Post by JayBird »

if you have ICQ and wanna chat through there later (evening) then feel free

My number is 8172414

Mark
malcolmboston

Post by malcolmboston »

thank you v-much, I'll take you up on that

I'm just waiting for a couple of my threads to be replied to and then I'm off home to try this out, honestly if this works I will have faith again in PHP :D

This stupid problem has been troubling me for months now, and I think this is a pretty secure way of doing it (unless the session is hijacked or packets are sniffed, coz I don't have SSL, and don't need it)

if it works, you've saved my life
cheers
aquila125
Forum Commoner
Posts: 96
Joined: Tue Dec 09, 2003 10:39 am
Location: Belgium

Post by aquila125 »

You have to change $username to $_SESSION['username']... then it should work..

To be safe from session hijacking, don't just keep the username in the session, but also the IP the user has used to log in (so in login.php just put $_SESSION['remote_addr']=$_SERVER['REMOTE_ADDR'];)
Every time you check if the user has logged in, also check that his IP is still the same as in your session... no hijacking possible...
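
An added example (not code from the thread) of the check described in the post above: store the login IP in the session and compare it on every request. The function names are hypothetical, the arrays stand in for $_SESSION and $_SERVER so the sample runs from the command line, and the username and addresses are constructed. An IP match narrows session reuse but cannot tell apart clients behind the same NAT or proxy, and a legitimate user whose address changes is logged out.

```php
<?php
// Added example. $session stands in for $_SESSION, $server for $_SERVER.

// Call from login.php once the password has been verified.
function bind_session_on_login(array &$session, array $server, string $username): void
{
    // With a live session, issue a fresh session ID at login so an ID
    // handed out before authentication cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['username']    = $username;
    $session['remote_addr'] = $server['REMOTE_ADDR'];
}

// Call at the top of every protected page.
function is_logged_in(array &$session, array $server): bool
{
    // Not logged in, or logged in before the IP binding existed.
    if (!isset($session['username'], $session['remote_addr'])) {
        return false;
    }
    // Address differs from the one recorded at login: drop the login
    // state so the same session ID cannot be retried from elsewhere.
    if ($session['remote_addr'] !== ($server['REMOTE_ADDR'] ?? '')) {
        $session = [];
        return false;
    }
    return true;
}

// Constructed demo using documentation-range addresses.
$session = [];
bind_session_on_login($session, ['REMOTE_ADDR' => '192.0.2.10'], 'exampleuser');

$cases = [
    'same address as login'        => '192.0.2.10',
    'different address'            => '198.51.100.7',
    'original address after reset' => '192.0.2.10',
];
foreach ($cases as $label => $addr) {
    $ok = is_logged_in($session, ['REMOTE_ADDR' => $addr]);
    echo $label, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```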
malcolmboston

Post by malcolmboston »

hey man

damn good idea!

I was worried about something like that, pretty simple answer actually :P
btw it all worked

but view my other post :oops: