
Session basics: Independent sessions


webmaster1


Putting the security check code as the first thing on a page would be kind of important for a script that was trying to show how to create and use an Access Control List. It's only three lines of PHP code (plus the {} brackets for the if() statement). You can always move it to be above the form processing code on the pages.

 

Seems straightforward enough. As long as the author didn't have a specific reason for the positioning of the security check code, it should just be a cut and paste job then.

 

input validation, escaping, error checking, and error reporting...

 

Fortunately, I'm relatively comfortable with these areas.

 

I like the concept of ACL because I can manage my entire site without having to reiterate the same login and security check pages/tables for different sections of the site. I'll definitely look into Zend once I have a little more free time.

The only piratical (practical) reason the authors would have for intentionally putting the security check code after the form processing code would be so that the authors or any other hacker can alter the ACL database tables on your site by submitting the appropriate post/get data.

For anyone using the tutsplus ACL...

 

The pages requiring exit(); for header redirects:

 

  • /acl/index.php
  • /acl/admin/index.php
  • /acl/admin/perms.php
  • /acl/admin/roles.php
  • /acl/admin/users.php

 

The pages requiring the repositioning of the security check:

 

  • /acl/admin/perms.php
  • /acl/admin/roles.php
  • /acl/admin/users.php
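
The two fixes listed in this thread (security check above the form processing, and exit(); after every header redirect), shown as an added example that is not the tutsplus ACL code or any poster's code. The session key, permission name, form field, SQLite file, helper function and the redirect target used for a failed check are assumptions made for illustration.

```php
<?php
// Added example. The session key, permission name, SQLite file and helper
// function are hypothetical; none of this is the tutsplus ACL code.
declare(strict_types=1);
session_start();

/** End the request unless the logged-in user holds $perm. */
function require_permission(string $perm): void
{
    $granted = $_SESSION['perms'] ?? [];     // assumed to be filled at login
    if (!in_array($perm, $granted, true)) {
        header('Location: /acl/index.php');  // assumed redirect target
        exit(); // header() only queues a header; without exit() the rest of the page still runs
    }
}

// 1. Security check first: nothing below executes for an unauthorised request.
require_permission('manage_roles');

// 2. Form processing comes after the check.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $raw = $_POST['roleName'] ?? '';
    $roleName = is_string($raw) ? trim($raw) : '';
    if ($roleName !== '' && strlen($roleName) <= 64) {
        // Constructed demo storage so the example is self-contained.
        $db = new PDO('sqlite:' . sys_get_temp_dir() . '/acl_demo.sqlite');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS roles (name TEXT UNIQUE)');
        $stmt = $db->prepare('INSERT OR IGNORE INTO roles (name) VALUES (?)');
        $stmt->execute([$roleName]);
    }
    header('Location: /acl/admin/roles.php');
    exit(); // same rule after the post-save redirect
}

// 3. Page output starts here, only for authorised GET requests.
echo '<h1>Roles</h1>';
```

With the check placed below step 2, or with exit(); missing from the guard, the INSERT would still execute for a request that was about to be redirected away.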

Archived

This topic is now archived and is closed to further replies.
