spdwrench Posted October 21, 2007
I am using a variable $sAuth to log in members of my site from one script into another... is this secure? can this variable $sAuth be set from anywhere else but within my own site??? I know it probably sounds like a dumb question but please let me know....
Paul

only one Posted October 21, 2007
A variable is always secure. And as far as I know the only way for people to be able to get variables from your site is by using cURL. Just make sure that whenever you use a form action of post, set your variable as $_POST['variable'] etc.

spdwrench (Author) Posted October 21, 2007
little more information: it appears the sAuth is a cookie. it looks like this...
setcookie("sAuth", $fMember[ id ]);
this cookie is set on my site when members log in... but I want to use it to identify them in PHPBB3 (Forum) and sign them in automatically. will this be secure? thanks
Paul

only one Posted October 21, 2007
I'd advise if you want to gather the information from that cookie to use $_COOKIE['sAuth']; rather than just sAuth. And yes it should be secure.

spdwrench (Author) Posted October 22, 2007
thanks for that ... I am putting in the integration for the autologin to the forum on Wednesday... thanks for your advice
Paul

derwert Posted October 22, 2007
Is $fMember[ id ] their member id on the forum? If you're automatically logging a user in by a member id defined in a cookie then the answer is no this is not secure.

spdwrench (Author) Posted October 22, 2007
ok... can you please explain? how easy can this be violated? and do you know how? how could I protect it?
Paul

derwert Posted October 23, 2007
A person can change their cookies, so they could change it to any user id and your script would log them in. You are using phpbb3 so use their existing code to handle sessions and user authentication.

spdwrench (Author) Posted October 24, 2007
my problem is... the users log in to my dating site then when they click the forum they are prompted to log in again... so would the answer be to find the login areas of both sides? and make sure sessions for both are started when they sign in to either the forum or the site... or vice versa... this seems the only logical way then? thanks
Paul

teng84 Posted October 24, 2007
use session or maybe cookies

derwert Posted October 24, 2007
It sounds like the problem is you want to use both session management for each script; it would be better to pick one of the existing ways that sessions are handled then implement that into the second script. Since you want to authenticate with phpbb3, I'd just use its session management and add it to your other script.

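Added example, not part of the thread and not phpBB3's own code: the id-in-cookie check that derwert describes as changeable by the visitor, next to a server-side session lookup where the cookie carries only a random token. The function names and the $sessions array (a stand-in for a session table) are assumptions made for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added example. $sessions stands in for a server-side session table;
// every function name here is hypothetical.

// Pattern from the thread: the cookie value IS the member id, so whatever
// number the browser sends is accepted as that member's identity.
function loginFromRawCookie(array $cookies): ?int
{
    return isset($cookies['sAuth']) ? (int) $cookies['sAuth'] : null;
}

// Session pattern: the cookie holds only a random token. The member id
// stays on the server, keyed by a hash of that token.
function issueSession(array &$sessions, int $memberId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits, unguessable
    $sessions[hash('sha256', $token)] = [
        'member_id' => $memberId,
        'expires'   => time() + $ttl,
    ];
    return $token;                               // value to pass to setcookie()
}

function loginFromSessionCookie(array $sessions, array $cookies): ?int
{
    $token = $cookies['sAuth'] ?? '';
    if (!is_string($token) || !preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;                             // missing or malformed token
    }
    $row = $sessions[hash('sha256', $token)] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;                             // unknown or expired session
    }
    return $row['member_id'];
}

// Constructed demo: member 42 logs in, then the cookie is edited to "1".
$sessions = [];
$genuine  = ['sAuth' => issueSession($sessions, 42)];
$edited   = ['sAuth' => '1'];

var_dump(loginFromSessionCookie($sessions, $genuine)); // token issued at login
var_dump(loginFromSessionCookie($sessions, $edited));  // edited cookie, session scheme
var_dump(loginFromRawCookie($edited));                 // edited cookie, raw-id scheme
```
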
spdwrench (Author) Posted October 24, 2007
I am working up some code now.. thanks for the advice people.. will post back on my progress later.