

*Really Super Duper Urgent* Cookies and Authentication





polly-gone
*Super Duper Urgent*
I need to finish a website by Wednesday, and need info, FAST!

Okay, so I need a quick tip. What is the best way to make sure that included pages aren't visited in an unintended way, that is very efficient and simple?

Like, if website.com/main/loginFormProcess.php is included in website.com/index.php?action=login, I want to prevent someone from going to website.com/main/loginFormProcess.php and setting fake cookies.

What I use is:



Code:
#TEST TO SEE IF THE USER IS TELLING THE TRUTH AND THE COOKIES AREN'T FAKE COOKIES!!!!! Mmmm.... cookies....
      $connection = mysql_connect($host, $user, $pass) or die('Unable to connect to the K11 Redemption Tribal Tools Master Database. Please mail EchoXero and 1Freeman1 IN GAME to report the problem. Tell them:' . mysql_error());

      //Select USERS Database
      mysql_select_db($db) or die('Unable to Connect to the Users Database. Please mail EchoXero and 1Freeman1 IN GAME to report this problem. Tell them:' . mysql_error());

      //Mash the cookies
      //Cookie values are user input, so escape them before they go into the query
      $un = mysql_real_escape_string(isset($_COOKIE['user']) ? $_COOKIE['user'] : '');
      $pw = mysql_real_escape_string(isset($_COOKIE['pass']) ? $_COOKIE['pass'] : '');
      $vf = mysql_real_escape_string(isset($_COOKIE['verif']) ? $_COOKIE['verif'] : '');
      $lvl = mysql_real_escape_string(isset($_COOKIE['level']) ? $_COOKIE['level'] : '');

      //Generate the query
      $query = "SELECT username, password, level, verif FROM K11R_Users WHERE username = '$un' AND password = '$pw' AND verif = '$vf' AND level = '$lvl'";
      $result = mysql_query($query) or die("Error in query: $query. " . mysql_error());

      //IF Records Present (mysql_fetch_array returns false when no row matched)
      if (($row = mysql_fetch_array($result)) !== false)
      {

          // PAGE CONTENTS

      }


What is a simpler way?

Thanks,

-Nick
mathiaus
Something I picked up from phpBB (I don't know who first thought of/used this though) and used in frims was the following.

In your index.php
Code:
define('IN_FRIMS', true);


In your included files not to be accessed directly
Code:
if (!defined('IN_FRIMS')) die("Hacking attempt");




This is obviously more efficient than MySQL queries and will protect all included files that you apply it to, regardless of what they do.
polly-gone
Okay, so the whole website is included from index.php. So if I put the first one in index.php, and put the second one in all my other files, my other files become inaccessible unless you access them through index.php?

How reliable is this method?

-Nick
rvec
Anyone can still include the files, but if they don't know what variable to set and what value to give they won't be able to use it. So if you use a random string as value, I think it's quite secure.
polly-gone
Sweet. Thanks so much. This is SOOOOOO much easier than a 30 line authentication at the top of every page.

-Nick

P.S. Second question... What are the cookies _utma, _utmb, etc. that I keep noticing? Is that part of an authentication system?

And I want to have an authentication system that makes sure that people's 'level' cookies match up with the level I have them set at in the database. For that, what should I use?
polly-gone
How can I make sure that people don't change their level? Should I define that too?

-Nick

500TH POST! GO ME!
rvec
polly-gone wrote:
How can I make sure that people don't change their level? Should I define that too?

-Nick

Use sessions
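
As an added example (not code from the thread or from phpBB): the entry-point constant from mathiaus's post combined with rvec's "use sessions" advice, so the level used for access checks is read from the server-side session and never from a `level` cookie. The constant name `IN_APP`, the helper functions, the table layout and the sample user are hypothetical, and PDO with in-memory SQLite stands in for the thread's MySQL table so the block runs offline on PHP 7.1+.

```php
<?php
// Added example, not code from the thread. Names and sample data are constructed.
define('IN_APP', true);   // entry-point flag, same idea as IN_FRIMS (name is hypothetical)
session_start();          // the browser only ever holds a random session ID

// Constructed stand-in for the users table (in-memory SQLite, assumption for offline use).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwhash TEXT, level INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['nick', password_hash('constructed-pass', PASSWORD_DEFAULT), 1]);

// Check the credentials once; on success keep identity and level on the server.
function login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pwhash, level FROM users WHERE username = ?');
    $stmt->execute([$user]);   // bound parameter, no string concatenation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pwhash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID at login
    $_SESSION['user']  = $user;
    $_SESSION['level'] = (int) $row['level'];
    return true;
}

// The level comes from the session only; a 'level' cookie is never consulted.
function current_level(): int
{
    return $_SESSION['level'] ?? 0;   // 0 means not logged in
}

// What every included page would call first.
function require_level(int $min): void
{
    if (!defined('IN_APP') || current_level() < $min) {
        http_response_code(403);
        exit('Forbidden');
    }
}

login($db, 'nick', 'constructed-pass');
$_COOKIE['level'] = '99';   // constructed tampered cookie, has no effect below
require_level(1);           // passes on the level stored at login
echo 'level used for checks: ', current_level(), "\n";
```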
polly-gone
Okay, I got everything I need for now.

Close Sesame

-Nick
rvec
-close-