Re: Semi-OT: PHP Login with client security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 19, 2008 at 1:14 AM, Tim Thorburn <immortal@xxxxxxxxxx> wrote:
> Hi all,
>
> Having a slight problem with a demo I gave at a clients last week - looking
> for a little advise.  Part of my demo involved a password protected area -
> the simplified process is: client enters password on login page > if
> login/password match encrypted database, PHP session is created, form
> forwards to a secured area > secured area checks to make sure PHP session is
> valid > if valid display content, if not, return to login screen.
>
> This procedure is what I've used for many years, tested on a variety of
> servers and connections.  It works.  During the demo with my client, I was
> able to enter login/password info, the PHP session was created - however the
> screen would not forward to the secured area.  Instead I was pretended with
> a blank screen (client only has an outdated/non-updated version of IE6).  If
> I were to type in the URL to the secured area, it would display content
> properly.  As a test, I logged out, closed my browser and started again,
> this time entering an incorrect login/password - again it would not forward
> to the next screen properly, however this time when I typed in the full URL,
> it would not display as the session hadn't been created.
>
> I've spoken briefly with my clients IT person, however he's unwilling to
> share any firewall information or really anything regarding their security
> setup - which I understand as I'm not an employee and just a contractor.
>
> So, after long winded description - does anyone with network security
> experience have any idea either a) what I would need to ask the IT person to
> allow for their site only, or b) have any suggestions for alternate password
> authentication that may work given the above conditions?
>
> TIA
> -Tim
>

You could check your access logs when that client is logging in to see
exactly what the browser is requesting.  That might give you a hint as
to what is going on.  Also you might check the error log for any fatal
errors if you're just getting a white screen.  Perhaps this IE
configuration is somehow triggering a piece of code that no others
have been able to before.

Are you using header redirects?  Perhaps you might change your logic
to be something like:
header("Location: ...");
<a href="...">Click here to go since your browser ignored the header</a>

Just some thoughts, good luck!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux