I have created a login system which stores the username and password in the session. I installed 2 copies of this system on the same host, but using different databases. The trouble is that if a user is logged in to one system and visits the protected page of the other system, they can view the page...
Any ideas on this?
Session Management
- DesignerSMS
- Forum Newbie
- Posts: 17
- Joined: Tue Aug 06, 2002 12:16 am
- Location: Gold Coast, Australia
Idea 1:
You could store the host of the page in the session as well. At the top of each page you would then just test to see if the host in the session is the same as the REMOTE_HOST server variable.
If the site is related to the path as well, you could use the dirname(...) of the PHP_SELF variable as well in the session/check.
Idea 2:
At the top of each page that you want secured you could test to see if the user should be able to log into this page with their username and password.
This would be something like:
Code:
// Connect and select the database that holds this system's users.
$cn = mysql_pconnect();
mysql_select_db("user");
// Escape the session values before placing them in the query.
$user = mysql_real_escape_string($_SESSION['username'], $cn);
$pass = mysql_real_escape_string($_SESSION['password'], $cn);
// Check the session's credentials against this system's own user table.
$sql = "SELECT * FROM user WHERE username = '{$user}' AND password = '{$pass}'";
$rs = mysql_query($sql, $cn);
if ($rs && mysql_num_rows($rs) > 0) {
    // Put your page code here.
}
else {
    // The user doesn't belong here. Redirect them somewhere else.
}
I hope that you aren't storing the users' passwords in plain text as this could be a large security flaw.
Anyway, hope this helps.
:: Kondro ::
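Added example, not part of the original post or thread: one way to apply Idea 1 on PHP 7.3+, by giving each install its own session cookie name and path and tagging the session with an install ID that every protected page checks. `APP_ID`, `APP_PATH`, the function names and `login.php` are assumptions made for illustration.

```php
<?php
// Added example. APP_ID and APP_PATH are hypothetical per-install settings:
// give each installed copy of the login system its own values.
const APP_ID   = 'systemA';
const APP_PATH = '/systemA/';

function start_app_session(): void
{
    // A distinct cookie name and path stop the browser from presenting
    // one install's session cookie to the other install.
    session_name('SID' . APP_ID);
    session_set_cookie_params([
        'path'     => APP_PATH,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function mark_logged_in(string $username): void
{
    // Call only after the credentials were verified against this install's database.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    $_SESSION['app_id']   = APP_ID;   // tag the session with the install that created it
}

function is_logged_in_here(array $session): bool
{
    return isset($session['username'], $session['app_id'])
        && is_string($session['app_id'])
        && hash_equals(APP_ID, $session['app_id']);
}

function require_login(string $loginUrl): void
{
    if (!is_logged_in_here($_SESSION)) {
        $_SESSION = [];                      // drop anything from another install
        header('Location: ' . $loginUrl);
        exit;
    }
}

// Top of every protected page (login.php is a placeholder URL):
start_app_session();
require_login('login.php');
// Protected page code goes here.
```

The `app_id` check still matters if both installs end up with the same cookie name, because they would then read the same session data.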
- daemorhedron
- Forum Commoner
- Posts: 52
- Joined: Tue Jul 23, 2002 11:03 am
Thanks Guys:D
Thanks for the tip.
P.S Don't worry I am not storing the password as plain text in the sessions! It's encrypted! ;D