i don't think that just calling $username would work unless register global is on. you would need to call it using $_SESSION['username']
Mark
a problem i cant seem to get around
Moderator: General Moderators
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
thank you v-much, ill take you up on that
im just waiting for a couple of my threads to be replied to and then im off home to try this out, honestly if this works i will have faith again in PHP
This stupid problem has been troubling me for months now, and i think this is a pretty secure way of doing it, (unless session is hijacked or sniffed packets, coz i dont have SSL, and dont need it)
if it works, youve saved my life
cheers
im just waiting for a couple of my threads to be replied to and then im off home to try this out, honestly if this works i will have faith again in PHP
This stupid problem has been troubling me for months now, and i think this is a pretty secure way of doing it, (unless session is hijacked or sniffed packets, coz i dont have SSL, and dont need it)
if it works, youve saved my life
cheers
You have to change $username to $_SESSION['username']... then it should work..
for being safe from SESSION hijacking, don't just keep the username in the Session, but also the IP the user has used to login (so in login.php just put $_SESSION['remote_addr']=$_SERVER['REMOTE_ADDR']
Everytime you check if the user has logged in, also check that his IP is still the same as in your session... no hijacking possible...
for being safe from SESSION hijacking, don't just keep the username in the Session, but also the IP the user has used to login (so in login.php just put $_SESSION['remote_addr']=$_SERVER['REMOTE_ADDR']
Everytime you check if the user has logged in, also check that his IP is still the same as in your session... no hijacking possible...
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK