I guess it is... but read the replies to my email, the solution is quite 
simple and effective.

At 16:49 14/8/2001 +0100, you wrote:
>what about registering a var called loggedin with the session and then
>testing on each script to see if it's set to 1 or something ?
>
>then base the access on that ? that's what I use and then register uid with
>the session as well so you can use it throughout your site ...
>
>ok you've got me worried now, are there any problems with security doing it
>that way ????
>
>Steve
>
>"Christian Dechery" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
> > I have pages that use sessions for security that look something like this:
> >
> > <?php
> > session_start();
> >
> > if( !isset($uid) )
> > {
> >     include("include/auth.inc.php");
> >     auth_user();
> > }
> >
> > // more code...
> > ?>
> >
> > so $uid tells me if the user is logged on or not...
> >
> > but what if somebody calls the script directly from the address bar like
> > this: http://server/script.php?uid=10
> >
> > wouldn't this be a security problem?
> > ____________________________
> >  Christian Dechery (lemming)
> >  http://www.tanamesa.com.br
> >  Gaita-L Owner / Web Developer
> >
>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

____________________________
. Christian Dechery (lemming)
. http://www.tanamesa.com.br
. Gaita-L Owner / Web Developer
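
The problem raised in the quoted message, as an added example that is not part of the thread: with register_globals enabled, a uid parameter in the URL creates $uid just as a session-registered variable would, so isset($uid) cannot tell the two apart. The function names are hypothetical, extract() stands in for register_globals, and the request and session arrays are constructed sample input; reading the value from the session array ($_SESSION in PHP 4.1 and later) is an assumption about the fix, which the thread does not spell out.

```php
<?php
// Added example, not code from the thread. Runs from the PHP CLI:
// the request and session arrays are constructed by hand instead of
// coming from a web request and session_start().

// Emulates the register_globals behaviour the question depends on:
// session-registered variables and URL parameters both become plain
// variables in the same scope.
function vulnerable_is_logged_in(array $request, array $session): bool
{
    extract($session);   // variables registered with the session
    extract($request);   // ...and anything sent as ?name=value
    return isset($uid);  // the check used in the quoted script
}

// Hardened check (hypothetical helper): consult only the server-side
// session store, which the client cannot write to through the URL.
function hardened_is_logged_in(array $session): bool
{
    return isset($session['uid']);
}

// Constructed cases: [request parameters, session contents]
$cases = [
    'forged ?uid=10, no login' => [['uid' => '10'], []],
    'no parameter, no login'   => [[], []],
    'real login'               => [[], ['uid' => 10]],
];

foreach ($cases as $label => [$request, $session]) {
    printf(
        "%-26s isset(\$uid): %-6s session array: %s\n",
        $label,
        var_export(vulnerable_is_logged_in($request, $session), true),
        var_export(hardened_is_logged_in($session), true)
    );
}
```

The first case is the one from the question: the old check treats the forged parameter as a login, while the session-array check still sends the visitor to authentication.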

