spdwrench Posted October 21, 2007

I am using a variable $sAuth to log in members of my site from one script into another... Is this secure? Can this variable $sAuth be set from anywhere else but within my own site??? I know it probably sounds like a dumb question but please let me know.... Paul

only one Posted October 21, 2007

A variable is always secure. And as far as I know the only way for people to be able to get variables from your site is by using cURL. Just make sure that whenever you use a form action of post, set your variable as $_POST['variable'] etc.

spdwrench Posted October 21, 2007

A little more information: it appears the sAuth is a cookie. It looks like this...

    setcookie("sAuth", $fMember[ id ]);

This cookie is set on my site when members log in... but I want to use it to identify them in PHPBB3 (Forum) and sign them in automatically. Will this be secure? Thanks, Paul

only one Posted October 21, 2007

I'd advise if you want to gather the information from that cookie to use $_COOKIE['sAuth']; rather than just sAuth. And yes it should be secure.

spdwrench Posted October 22, 2007

Thanks for that... I am putting in the integration for the autologin to the forum on Wednesday... Thanks for your advice, Paul

derwert Posted October 22, 2007

Is $fMember[ id ] their member id on the forum? If you're automatically logging a user in by a member id defined in a cookie then the answer is no, this is not secure.

spdwrench Posted October 22, 2007

OK... can you please explain? How easily can this be violated? And do you know how? How could I protect it? Paul

derwert Posted October 23, 2007

A person can change their cookies, so they could change it to any user id and your script would log them in. You are using phpbb3 so use their existing code to handle sessions and user authentication.

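As an added example that is not part of the thread and not phpBB3's session code: the id-in-a-cookie pattern from the posts above next to one alternative, a cookie whose value carries an HMAC so that an edited id no longer verifies. SECRET_KEY, the function names and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. SECRET_KEY and all function
// names are hypothetical; the key is a constructed demo value.
const SECRET_KEY = 'constructed-demo-key';

// Pattern from the thread: the cookie value is the member id itself,
// so the server trusts whatever number the browser sends back.
function member_from_raw_cookie(array $cookies): ?int
{
    $raw = $cookies['sAuth'] ?? null;
    return is_string($raw) && ctype_digit($raw) ? (int) $raw : null;
}

// Hardened form: "id.expiry.mac", where the MAC covers id and expiry
// and is keyed with a secret that never leaves the server.
function issue_signed_cookie(int $memberId, int $ttl, int $now): string
{
    $payload = $memberId . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

function member_from_signed_cookie(array $cookies, int $now): ?int
{
    $raw = $cookies['sAuth'] ?? '';
    if (!is_string($raw)) return null;              // e.g. sAuth[]=x
    $parts = explode('.', $raw);
    if (count($parts) !== 3) return null;
    [$id, $expiry, $mac] = $parts;
    if (!ctype_digit($id) || !ctype_digit($expiry)) return null;
    $expected = hash_hmac('sha256', $id . '.' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac)) return null; // constant-time compare
    if ((int) $expiry < $now) return null;          // expired
    return (int) $id;
}

// Constructed sample values.
$now    = 1193000000;
$cookie = issue_signed_cookie(42, 3600, $now);
$edited = '1' . substr($cookie, strpos($cookie, '.')); // id changed, MAC kept

var_dump(member_from_raw_cookie(['sAuth' => '1']));                     // raw id cookie
var_dump(member_from_signed_cookie(['sAuth' => $cookie], $now));        // untouched
var_dump(member_from_signed_cookie(['sAuth' => $edited], $now));        // edited id
var_dump(member_from_signed_cookie(['sAuth' => $cookie], $now + 7200)); // past expiry
```

A signed cookie stays valid until its expiry, whereas a server-side session of the kind derwert recommends can be ended on the server at any time.
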
spdwrench Posted October 24, 2007

My problem is... the users log in to my dating site, then when they click the forum they are prompted to log in again... So would the answer be to find the login areas of both sides and make sure sessions for both are started when they sign in to either the forum or the site... or vice versa? This seems the only logical way then? Thanks, Paul

teng84 Posted October 24, 2007

Use session or maybe cookies.

derwert Posted October 24, 2007

It sounds like the problem is you want to use both session management for each script; it would be better to pick one of the existing ways that sessions are handled then implement that into the second script. Since you want to authenticate with phpbb3, I'd just use its session management and add it to your other script.

spdwrench Posted October 24, 2007

I am working up some code now. Thanks for the advice, people. Will post back on my progress later.