is there any problem replacing this way

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

is there any problem replacing this way

Post by rami »

ok just for the moment forgeting session hijacking factor....
suppose i do like this to check if user is logged in every page
if (!isset($_SESSION['name']) && !isset($_SESSION['level'])) {
do task in normal page give for to edit/delete if it is thier page using id on session
}
else
{
}

now rather writing code in each page if i replace it with function in fuctions.php
and do
function checklogin()
{
if (!isset($_SESSION['id']) && !isset($_SESSION['level'])) {
$var=1;
}
else
{
$var=0
}
return $var;


and now if i do
include functions
$logging=0;
$logging=checklogin();
if ($logging==1)
{
do task
}
else
{
donot do
}

so are there any problems?
how secure is it..?
any suggestion and modification.....
if global registers are on what can be problems..in this...
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: is there any problem replacing this way

Post by Christopher »

They are the same, but I think your check logic is backwards.
(#10850)
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Re: is there any problem replacing this way

Post by rami »

backwards in what way ..you mean old

how can i upgrade it or make it better...
any suggestion and help

thanks
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: is there any problem replacing this way

Post by Christopher »

Code: Select all

function isLoggedIn() {
    return isset($_SESSION['id']) && isset($_SESSION['level']);
}
(#10850)
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Re: is there any problem replacing this way

Post by rami »

thanks
now i am doing directly this
if (isLoggedIn())
{
}
else
{

}

i think there is no problem doing it .Inst it?

can some body expand that login check function to make it even safer ....

thanks
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: is there any problem replacing this way

Post by kaisellgren »

How about you start using code tags, even better would be if you use PHP code tags.

Code: Select all


;)
Post Reply