SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Zealot
    Join Date
    Jul 2000
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Right,
    On my advertising system, once advertisers have signed up, they can login at a form on a login page.

    The login page script checks the password and login name are ok, and if so, it redirects them to a page which displays all their adverts with stats etc.

    So, when it redirects them to the advert listing page, the php is:
    Code:
    $location = "advertiserhome.php?login=$login&password=adpassword";
    
    header ("Location: $location");
    So as you can see, it is unsafe, because the password is in the url.
    What I would like to do is encrypt it, and then decrypt it on the page it redirects to.
    It might sound like this is needless, but honestly, it isn't.
    Does anyone know how I could encrypt and decrypt it?

    Cheers.
    -aJ

  2. #2
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why don't you just register them as session variables so they will be persistent adn you will not need to append them to the url string.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  3. #3
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, using session management is the best soln.
    Some good tutorial could be find at phpbuilder.com and devshed.com
    Note: Only in PHP4. With PHP3 you need to use extra library
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  4. #4
    SitePoint Zealot
    Join Date
    Jul 2000
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Right.
    Cheers guys.
    BUT..
    What are session variables!
    How do I pass them across without them being seen..

    (remember, I am redirecting in the form:
    header ("Location: BLAHBLAH");

    Cheers.
    -aJ

  5. #5
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Session variable will be username and password
    Just before the redirection, you will have to register those session variables so the info could be passed throughout other pages
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  6. #6
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Basically you would call
    session_start();

    at the top of every page you want access to session data, then once the user is authorized you can register the variables so for instance if you form has username and password once they get validated you could use:

    session_register("username");
    and
    session_register("password");

    then on every page that you call session_start();

    you can call $username and $password its that simple

    I usually stick something like this on top of every protected page to make sure the person is indeed logged in.

    session_start();
    if(!$username) {
    header("Location: ../login.php");
    }


    Please don't PM me with questions.
    Use the forums, that is what they are here for.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •