how secure is this?
Posted: Sun Apr 23, 2006 11:28 am
(note: i know many will say not to use password()... i am trying to upgrade, but here now i am trying to inquire about these $_SESSION.)
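how strong is my script?
for login i am doing

```php
// Look up the user; $u and $p are set earlier (not shown in this post).
$query = "SELECT user_id,batch_id,name FROM students WHERE username='$u' AND password=PASSWORD('$p')";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result);
if ($row) {
    // Credentials matched: start the session and remember who logged in.
    session_start();
    $_SESSION['user_id'] = $row[0];
    $_SESSION['batch_id'] = $row[1];
}
```

and i am protecting pages as (including this script in the beginning of page)

```php
if (!isset($_SESSION['user_id']))
{
    // Not logged in: redirect to index.php in the current directory.
    // rtrim() plus the leading "/" keeps the path valid whether or not dirname() ends in a slash.
    header ("Location: http://" . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/index.php");
    ob_end_clean(); // Delete the buffer.
    exit(); // Quit the script.
} else {
    // Protected page content follows.
}
```

HOW STRONG IS THIS METHOD AND USE OF SESSION.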
For TEST only IT WAS NICE BUT NOW i am thinking of making a real application that will contain some protected area setting a website.
i am afraid that this may later prove to be a childish method when some people who know php find it..
how vulnerable is it for hack (means is there any loops?)
for administrators page along with session if (!isset($_SESSION['user_id'])) (separate table)
i am also using HTTP authentication...
i have not used .htaccess file for now...
normally i only use these as security ...
is that session security secure? or will it just prove to be security against users who don't know php?
how much vulnerable is it from php hacking...?
any other methods recommended? which is strong?
normally according to experts (survey) which method is preferred?
(note: i am updating that password() to sha and md5 soon... for now it is query about session)
Jcart | Please use code tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
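
A hardened variant of the login and page guard in the post above, as an added example that is not the poster's code: it binds the username through a PDO placeholder, uses PHP's password_hash()/password_verify() in place of MySQL PASSWORD(), issues a new session id on login, and redirects to a fixed path. The in-memory SQLite table, the sample credentials, the pass_hash column and the function names demo_db, login and require_login are assumptions made for illustration.

```php
<?php
// Constructed demo data: in-memory table using the column names from the post.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE students (user_id INTEGER PRIMARY KEY, batch_id INTEGER,
               name TEXT, username TEXT UNIQUE, pass_hash TEXT)');
    $ins = $db->prepare('INSERT INTO students (batch_id, name, username, pass_hash) VALUES (?, ?, ?, ?)');
    $ins->execute([7, 'Sample Student', 'sample', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true and populates the session only when the credentials match.
function login(PDO $db, string $u, string $p): bool {
    // Placeholder binding: $u is never concatenated into the SQL text.
    $st = $db->prepare('SELECT user_id, batch_id, pass_hash FROM students WHERE username = ?');
    $st->execute([$u]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($p, $row['pass_hash'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['user_id']  = (int) $row['user_id'];
    $_SESSION['batch_id'] = (int) $row['batch_id'];
    return true;
}

// Page guard: call at the top of each protected page, before any output.
function require_login(string $loginPath = '/index.php'): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();           // $_SESSION is empty until the session is started
    }
    if (!isset($_SESSION['user_id'])) {
        header('Location: ' . $loginPath);   // fixed path, not built from the Host header
        exit();
    }
}

// Demo on the constructed data (CLI only): quoted username and wrong password fail.
if (PHP_SAPI === 'cli') {
    $db = demo_db();
    var_dump([login($db, "sample'--", 'x'), login($db, 'sample', 'wrong'),
              login($db, 'sample', 'correct horse')]);
}
```

Run from the command line, the three calls give false, false and true, in that order.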