Re: password protection - does this work?

From: juglesh (juglesh_at_nospamRadioKDUG.com)
Date: 02/22/05

Next message: Michael Fesser: "Re: password protection - does this work?"

Previous message: windandwaves: "Re: speed"
In reply to: MS: "Re: password protection - does this work?"
Next in thread: Michael Fesser: "Re: password protection - does this work?"
Reply: Michael Fesser: "Re: password protection - does this work?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 21 Feb 2005 17:21:11 -0800

"MS" <SpamNoThnx_santa____clause@hotmail.com> wrote in message
news:cvdsbr$pcr$1@titan.btinternet.com...
>
>> > I presume you have
>> >
>> > $password = $_POST['password'];
>> >
>> > at the top of your page ?
>>
>> no, and that reminds me of another question.
>>
>> But first, would I need that for password protection? an intruder could
> put
>> the password in the query string, but he'd still have to know the
> password.
>>
>> yeah, on that $_POST['password']; thing, its working fine without it, and
>> for that matter, I don't usually have to use $_GET either, my scripts
>> usually can 'get' the variable from the query string automagically. I
> just
>> use the variable that I have sent. what's up with that?
>>
>> juglesh
>>
>>
>
> Im not sure about the automagically assigning values to variables
>
> If you make your form POST instead of GET the passed variables of the form
> are not visible within the URL
>
> In which case you would use
> $password = $_POST['password'];
> to retrieve the passed value of password
>
> If you use GET in your form the values are visible within the URL and you
> would use
> $password = $_GET['password'];
> to retrieve the passed value of password

well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secretword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?

-- 
juglesh

Next message: Michael Fesser: "Re: password protection - does this work?"

Previous message: windandwaves: "Re: speed"
In reply to: MS: "Re: password protection - does this work?"
Next in thread: Michael Fesser: "Re: password protection - does this work?"
Reply: Michael Fesser: "Re: password protection - does this work?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: password protection - does this work?
... > If you make your form POST instead of GET the passed variables of the form ... > to retrieve the passed value of password ... well, yeah, I know all about that (and I am using obviously post in my ...
(comp.lang.php)
Re: Overboard Idea
... Yeah, I was thinking that. ... I don't see a particular downside. ... Access your favorite newsgroups from home or on the road ... Another, somewhat related issue, is how to retrieve an unconscious person... ...
(rec.boats.cruising)
Re: check instace already running...
... > Yeah, but how can i retrieve my PID number?And how do i check if the ... Send instant messages to your online friends http://uk.messenger.yahoo.com ...
(comp.lang.python)
Re: ONE: Dont You Just Hate . . .
... Do I gotta wear surgical gloves to retrieve the cd sleeve? ... Yeah, right. ...
(rec.music.movies)