Re: password protection - does this work?
From: juglesh (juglesh_at_nospamRadioKDUG.com)
Date: 02/22/05
- Next message: Michael Fesser: "Re: password protection - does this work?"
- Previous message: Michael Satterwhite: "Re: Web url in form"
- In reply to: MS: "Re: password protection - does this work?"
- Next in thread: Michael Fesser: "Re: password protection - does this work?"
- Reply: Michael Fesser: "Re: password protection - does this work?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 21 Feb 2005 17:21:11 -0800
"MS" <SpamNoThnx_santa____clause@hotmail.com> wrote in message
news:cvdsbr$pcr$1@titan.btinternet.com...
>
>> > I presume you have
>> >
>> > $password = $_POST['password'];
>> >
>> > at the top of your page ?
>>
>> no, and that reminds me of another question.
>>
>> But first, would I need that for password protection? an intruder could
> put
>> the password in the query string, but he'd still have to know the
> password.
>>
>> yeah, on that $_POST['password']; thing, its working fine without it, and
>> for that matter, I don't usually have to use $_GET either, my scripts
>> usually can 'get' the variable from the query string automagically. I
> just
>> use the variable that I have sent. what's up with that?
>>
>> juglesh
>>
>>
>
> Im not sure about the automagically assigning values to variables
>
> If you make your form POST instead of GET the passed variables of the form
> are not visible within the URL
>
> In which case you would use
> $password = $_POST['password'];
> to retrieve the passed value of password
>
> If you use GET in your form the values are visible within the URL and you
> would use
> $password = $_GET['password'];
> to retrieve the passed value of password
well, yeah, I know all about that (and I am using obviously post in my
password form), what I'm saying is it works without $_POST['password']. the
script above is exactly what I'm using, from the top. yeah, I just tested
it, if I put "?password=secretword" in the address bar, I am 'logged in'.
So, I'm wondering if there's some special circumstances where you need to
use $_POST[] and $_GET[] to get those values. Maybe older versions of php?
-- juglesh
- Next message: Michael Fesser: "Re: password protection - does this work?"
- Previous message: Michael Satterwhite: "Re: Web url in form"
- In reply to: MS: "Re: password protection - does this work?"
- Next in thread: Michael Fesser: "Re: password protection - does this work?"
- Reply: Michael Fesser: "Re: password protection - does this work?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
