security not working

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

security not working

Post by rami »

i my site i have used three security measure
first i used
http authentication

Code: Select all

$authorized = FALSE; 
if ( (isset($_SERVER['PHP_AUTH_USER']) AND isset($_SERVER['PHP_AUTH_PW'])) ) 
{

	if ( ($_SERVER['PHP_AUTH_USER'] == 'username ') AND ($_SERVER['PHP_AUTH_PW'] == 'passwd') ) { 	
$authorized = TRUE;
	}} 
if (!$authorized)
 {

problem: this method is even not taking the right password though seems working...


Code: Select all

if (!isset($_SESSION['id'])) 

{

	header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
		
} else { 

do the job
}
problem:the page is accessible even session is not created

third....
i password protected pages but once i enter correct password i can access the page even after a day with out entering password
(i deleted the temporary files cookies as well)


so whose problem is it
my web space provider?

it works fine in localhost in a computer using apache server of easyphp1-8

any suggested methods
i need to protect the files which add contents to site and should be used my admin only..
please help
Post Reply