Semi-OT: PHP Login with client security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hi all,
Having a slight problem with a demo I gave at a clients last week -
looking for a little advise. Part of my demo involved a password
protected area - the simplified process is: client enters password on
login page > if login/password match encrypted database, PHP session is
created, form forwards to a secured area > secured area checks to make
sure PHP session is valid > if valid display content, if not, return to
login screen.
This procedure is what I've used for many years, tested on a variety of
servers and connections. It works. During the demo with my client, I
was able to enter login/password info, the PHP session was created -
however the screen would not forward to the secured area. Instead I was
pretended with a blank screen (client only has an outdated/non-updated
version of IE6). If I were to type in the URL to the secured area, it
would display content properly. As a test, I logged out, closed my
browser and started again, this time entering an incorrect
login/password - again it would not forward to the next screen properly,
however this time when I typed in the full URL, it would not display as
the session hadn't been created.
I've spoken briefly with my clients IT person, however he's unwilling to
share any firewall information or really anything regarding their
security setup - which I understand as I'm not an employee and just a
contractor.
So, after long winded description - does anyone with network security
experience have any idea either a) what I would need to ask the IT
person to allow for their site only, or b) have any suggestions for
alternate password authentication that may work given the above conditions?
TIA
-Tim
[Index of Archives]
[PHP Home]
[Apache Users]
[PHP on Windows]
[Kernel Newbies]
[PHP Install]
[PHP Classes]
[Pear]
[Postgresql]
[Postgresql PHP]
[PHP on Windows]
[PHP Database Programming]
[PHP SOAP]
