Ok this is a major vulnerability that you are coding. Register globals on and password being stored in the session is like having a banner on your home page saying 'come and hack me'.
murugesan wrote:
My register_globals in set to ON in php.ini file. I cannot use HTTP_COOKIE_VARS because I need to pass the password from one page to another.
-murugesan ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "php mailing list" <[EMAIL PROTECTED]> Sent: Tuesday, August 26, 2003 7:13 PM Subject: Re: [PHP] Cannot pass values from one page to another
what's your register globals settings? did you try to retrieve from HTTP_COOKIE_VARS ?
murugesan wrote:
Thanks for the message. I looked into the manual. But it is not working. Ofcourse I used session_start in every pages.
-murugesan
----- Original Message ----- From: "Jay Blanchard" <[EMAIL PROTECTED]> To: "murugesan" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, August 26, 2003 5:23 PM Subject: RE: [PHP] Cannot pass values from one page to another
[snip] I got this value in next page(main.php) But from there I am not able to pass it to next page I used session_register('uid'); in main.php but in next page $uid is returning null [/snip]
First, look at the manual for sessions. You have posted many questions where the manual would have provided you a solution.
Are you placing session_start() at the top of each page where you expect session variables to be available? You should be...
Have a pleasant day.
-- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
