I'm having trouble with this code working. Can anyone take a look at it and see if they can find a problem with it? I've attached the login script, as well as the validation script. If anymore information is needed, I will provide it. Thanks.
having trouble with validating cookies
- Thread starter rmrf
- Start date
kamper
Diamond Member
- Mar 18, 2003
- 5,513
- 0
- 0
First of all: please indent your code. That will make it much easier to read.
Second: do I understand that you are storing a permission level in a cookie? Bad, bad idea. All the user has to do is find out what the higher security level is and they can change their cookie and go anywhere on your site. Much better is simply to judge the security level based on their user identity which they can't spoof without a password.
Third: In your if (isset($_COOKIE[uname])) block you go as far as querying the database but then stop. Shouldn't you be doing something to make sure that the security code is correct and then taking an appropriate action?
Do I gather that the two parts of this script do not occur together? In that case this statement: else if ($_COOKIE[uname] = $row['securityhash']) makes no sense at all because you've already checked that $_COOKIE[uname] isn't set and $row will not have been populated yet.
Second: do I understand that you are storing a permission level in a cookie? Bad, bad idea. All the user has to do is find out what the higher security level is and they can change their cookie and go anywhere on your site. Much better is simply to judge the security level based on their user identity which they can't spoof without a password.
Third: In your if (isset($_COOKIE[uname])) block you go as far as querying the database but then stop. Shouldn't you be doing something to make sure that the security code is correct and then taking an appropriate action?
Do I gather that the two parts of this script do not occur together? In that case this statement: else if ($_COOKIE[uname] = $row['securityhash']) makes no sense at all because you've already checked that $_COOKIE[uname] isn't set and $row will not have been populated yet.
reply to:
1. Sorry, I figured if nothing else the documentation made up for some of it.
2. Ok, I have changed that, and decided to use an md5 hash of their password.
3. I guess that is where I am confused. I have the 'if' up there, but once I get done with the query, what do I do? My thought was:
I see now that it won't work, but what am I doing wrong? How do I nest if statements, if it is possible?
Thanks for taking the time to look at my problem.
1. Sorry, I figured if nothing else the documentation made up for some of it.
2. Ok, I have changed that, and decided to use an md5 hash of their password.
3. I guess that is where I am confused. I have the 'if' up there, but once I get done with the query, what do I do? My thought was:
- * check if the cookie is set
- * if it is, query the database, then move to the next
- * match the data from the cookie with the query I just did
I see now that it won't work, but what am I doing wrong? How do I nest if statements, if it is possible?
Thanks for taking the time to look at my problem.
I figured it out, but I am too tired to explain what I did right now. I am going to bed and will post back for future reference when I wake up. Good night.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter