Database id, password access by absolute newbie...
Moderator: General Moderators
Hi,
I have a database which needs access from two types of users: reader and writers.
I have a login page which allows people to login to the search function or to the "insert" function.
This main page reads an id and a pwd and posts them to the second page.
The second page opens a connection to the db just to test if the id and pwd are valid. It also contains a form to enter a car model and number plate.
I then pass this info to a third page which searches the db and displays the results.
In order to pass the id and pwd from the second to the third page though, I am using a hidden field in the form, which is not a good idea because the password is plainly visible.
Could anyone suggest a better way to pass the variables from one page to another, or another way to do the whole process?
Sorry if you've answered this before, but I've looked EVERYWHERE on Google and can't find anything.
I've been working on PHP for 3 days and 2 have been spent looking for a solution to this.
Thanks to all in advance
Azh
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
save it in a session
Code:
session_start();
$_SESSION['sessionname'] = $_POST['value_of_form_field'];
then to retrieve
Code:
print $_SESSION['sessionname'];
I think that's correct, hope it helps anyway
-
malcolmboston
<--- loves the way sami always replies with a link (a very helpful one at that though)
it is also achievable with cookies, but has some security risks, it is probably easier to do it with cookies, one drawback with cookies though are header (already sent blah blah) so your code has to be well thought out if you are starting a session as well, another major drawback is that cookies cannot be created and read on the same page, cookies can also be read, altered and this is the security risk that made me stop using them for such methods that you are describing, check out sessions (possibly with MD5 hashing if the info is sensitive)
check out the link though for a more in-depth explanation
-
malcolmboston
believe me it is
what do you mean by structure this issue?
I'm not godly but I tend to look at security
Cookies are awful at doing things like this, so awful they should be banned
sessions can be made transparent and therefore v-difficult to find out the values inside them, unless you got a serious site (microsoft for eg) which u shud invest in SSL and full MD5 hashing
my 2 cents, if I haven't answered your Q, please feel free to clarify
Last edited by malcolmboston on Mon Dec 15, 2003 4:49 am, edited 1 time in total.
Thx malcolmboston,
what I meant is that an experienced programmer would hardly use three pages for a simple query.
Was wondering how you'd do it.
Also, does anyone get the feeling in PHP that things just start and stop working without reason?
Anybody have a Visual C++ like debugger for PHP handy?
Ciao
Azh
My debugger is internet explorer.
Zend has one I believe: http://php.weblogs.com/discuss/msgReader$435?mode=day
-
malcolmboston
if u can get zend studio (by any means necessary) get it, it's great
and btw fyi I'm pretty much a newbie but have done all the things you are asking about
sami knows
<------------------------------------------------->
more than me
and info lock knows
<----------------------------------------------------------------->
more than me
I would do it like this
first page
Code:
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
please note that it is very important that your input fields are named username and password for the PHP to know where to get the values from
2nd page
Code:
session_start();
// this is used to retrieve the data
print $_SESSION['username'];
print $_SESSION['password'];
and to connect to the DB like this (MySQL example coming up)
Code:
// mysql_connect() takes host, user and password as separate arguments
// (ext/mysql was removed in PHP 7; mysqli_connect() takes the same three)
mysql_connect("localhost", $_SESSION['username'], $_SESSION['password']);
this might not work, like I said I'm no PHP guru, but the general idea is the same, if u need anything else just ask
malcolmboston wrote: if u can get zend studio (by any means necessary)
I don't like the sound of that
So here's what I did:
Code:
session_name("nays_session"); // states a name for the session
session_start(); // starts session
-Nay
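The session approach suggested in this thread, as an added example that is not any poster's code: the password is checked once at login and only the user name and role are kept in the session, so no credential sits in a hidden field or is stored server-side in plain text. The account names and passwords, `sample_users()`, `login()` and `has_role()` are constructed for illustration, and it is assumed that writers may also search.

```php
<?php
// Constructed sample accounts (name => password hash + role). A real site
// would read the hashes from its own users table.
function sample_users(): array {
    static $users = null;
    return $users ??= [
        'alice' => ['hash' => password_hash('constructed-reader-pw', PASSWORD_DEFAULT), 'role' => 'reader'],
        'bob'   => ['hash' => password_hash('constructed-writer-pw', PASSWORD_DEFAULT), 'role' => 'writer'],
    ];
}

// Login step: check the password once, then remember only who the user is.
function login(string $username, string $password): bool {
    $user = sample_users()[$username] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id once authenticated
    $_SESSION['user'] = $username;    // the password itself is never stored
    $_SESSION['role'] = $user['role'];
    return true;
}

// Search/insert pages: decide from the session, not from posted form fields.
function has_role(string $needed): bool {
    $role = $_SESSION['role'] ?? null;
    return $role === $needed || ($needed === 'reader' && $role === 'writer');
}

session_start([
    'cookie_httponly' => true,   // session cookie not readable from JavaScript
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,   // reject session ids the server did not issue
]);

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['username'])) {
    $u = $_POST['username'];
    $p = $_POST['password'] ?? '';
    if (!is_string($u) || !is_string($p) || !login($u, $p)) {
        http_response_code(401);
        exit('Login failed');
    }
}
if (!has_role('reader')) {
    http_response_code(403);
    exit('Please log in');
}
// The search form here carries only the car model and number plate fields.
echo 'Searching as ', htmlspecialchars($_SESSION['user']), ' (', $_SESSION['role'], ')';
```

With this layout the database connection uses the application's own account from server-side configuration, and the insert page calls `has_role('writer')` before writing.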