| SitePoint Sponsor |
|
|
User Tag List
Results 1 to 6 of 6
Thread: ENCRYTING PASSWORDS:
-
Nov 15, 2000, 16:52 #1SitePoint Zealot
- Join Date
- Jul 2000
- Posts
- 132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Right,
On my advertising system, once advertisers have signed up, they can login at a form on a login page.
The login page script checks the password and login name are ok, and if so, it redirects them to a page which displays all their adverts with stats etc.
So, when it redirects them to the advert listing page, the php is:So as you can see, it is unsafe, because the password is in the url.Code:$location = "advertiserhome.php?login=$login&password=adpassword"; header ("Location: $location");
What I would like to do is encrypt it, and then decrypt it on the page it redirects to.
It might sound like this is needless, but honestly, it isn't.
Does anyone know how I could encrypt and decrypt it?
Cheers.
-aJ
-
Nov 15, 2000, 18:14 #2Dumb PHP codin' cat
- Join Date
- Aug 2000
- Location
- San Diego, CA
- Posts
- 5,460
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Why don't you just register them as session variables so they will be persistent adn you will not need to append them to the url string.
Please don't PM me with questions.
Use the forums, that is what they are here for.
-
Nov 16, 2000, 01:27 #3AdSpeed.com
- Join Date
- Aug 2000
- Location
- Silicon Valley
- Posts
- 2,241
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Yes, using session management is the best soln.
Some good tutorial could be find at phpbuilder.com and devshed.com
Note: Only in PHP4. With PHP3 you need to use extra library- Son Nguyen
AdSpeed.com - Ad Serving and Ad Management Made Easy
-
Nov 16, 2000, 07:06 #4SitePoint Zealot
- Join Date
- Jul 2000
- Posts
- 132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Right.
Cheers guys.
BUT..
What are session variables!
How do I pass them across without them being seen..
(remember, I am redirecting in the form:
header ("Location: BLAHBLAH");
Cheers.
-aJ
-
Nov 16, 2000, 08:38 #5AdSpeed.com
- Join Date
- Aug 2000
- Location
- Silicon Valley
- Posts
- 2,241
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Session variable will be username and password
Just before the redirection, you will have to register those session variables so the info could be passed throughout other pages- Son Nguyen
AdSpeed.com - Ad Serving and Ad Management Made Easy
-
Nov 16, 2000, 12:04 #6Dumb PHP codin' cat
- Join Date
- Aug 2000
- Location
- San Diego, CA
- Posts
- 5,460
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Basically you would call
session_start();
at the top of every page you want access to session data, then once the user is authorized you can register the variables so for instance if you form has username and password once they get validated you could use:
session_register("username");
and
session_register("password");
then on every page that you call session_start();
you can call $username and $password its that simple
I usually stick something like this on top of every protected page to make sure the person is indeed logged in.
session_start();
if(!$username) {
header("Location: ../login.php");
}
Please don't PM me with questions.
Use the forums, that is what they are here for.
Bookmarks