dvdriper Posted February 19, 2008 Share Posted February 19, 2008 hi, I'm new to php, ... have a question, it's not a complicated one I guess... If I have a website, and on every page there is a condition... something like that: if (isset($_SESSION["nickname"]) and isset($_SESSION["pass"])) { echo "<html> ... the page.... "; } else { echo "access denied!"; exit; } I wonder, if someone on his computer makes a script like this: <?php session_start(); $_SESSION['nickname'] = "whatever"; $_SESSION['nickname'] = "whatever"; ?> and after that enteres my site... the script will deny him? if no, please, what should I make to somehow protect my script.... I guess i need on every page to ask the database if there is such a session with "nickname" with such a "pass", yes? Quote Link to comment Share on other sites More sharing options...
revraz Posted February 19, 2008 Share Posted February 19, 2008 They can't do it like that. Quote Link to comment Share on other sites More sharing options...
dvdriper Posted February 19, 2008 Author Share Posted February 19, 2008 so, I'm well protected? i don't need to check if there is a username and a pass out there ? Quote Link to comment Share on other sites More sharing options...
monkeypaw201 Posted February 19, 2008 Share Posted February 19, 2008 right.. just a piece of advice... i wouldn't have passwords as session variables, especially if they aren't encrypted Quote Link to comment Share on other sites More sharing options...
dvdriper Posted February 19, 2008 Author Share Posted February 19, 2008 i used a varible , the nickname, i need more? or it's enough? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.