Re: How to build a web application the right way
- From: "phpdevkit" <phpdevkit@xxxxxxxxx>
- Date: 28 Dec 2006 18:07:38 -0800
I struggled with this too. I wanted my customer, the owner of the
webpage, to have the ability to run utilities to maintain his page's
database but prevent anyone from even accidentally running any of the
PHP utility scripts. It was more challenging considering the owner
might run these utilities from anywhere, like a public internet cafe.
I could have used a login and password but that can be picked up
enroute since we were not using https. I finally decided to display a
simple, random puzzle that only the customer knew how to solve. If the
answer he typed matched the answer sitting on the server, a session key
was set and he was free to use any of the utilities until he closed the
browser. Anyone coming along and perhaps reviewing the URL history
(e.g., http://www....com/deleterecord.php?id=101) would get an error
message if they tried to run them.
Write me for details.
Anthony Smith wrote:
I am looking into building a web application and one of the things I
want to do is to make sure the user is logged in. I know I can do this
by checking the session for a user object or something similar. Is
there a best practice for this. Currently what I do is have each page
include a check session include file.
.
- References:
- How to build a web application the right way
- From: Anthony Smith
- How to build a web application the right way
- Prev by Date: Re: newbie with multiple images upload question
- Next by Date: Re: How to build a web application the right way
- Previous by thread: How to build a web application the right way
- Next by thread: Re: How to build a web application the right way
- Index(es):
Relevant Pages
|
