Re: Semi-OT: PHP Login with client security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On May 18, 2008, at 10:14 PM, Tim Thorburn wrote:


Hi all,
Having a slight problem with a demo I gave at a clients last week - looking for a little advise. Part of my demo involved a password protected area - the simplified process is: client enters password on login page > if login/password match encrypted database, PHP session is created, form forwards to a secured area > secured area checks to make sure PHP session is valid > if valid display content, if not, return to login screen.
This procedure is what I've used for many years, tested on a variety of servers and connections. It works. During the demo with my client, I was able to enter login/password info, the PHP session was created - however the screen would not forward to the secured area. Instead I was pretended with a blank screen (client only has an outdated/non-updated version of IE6). If I were to type in the URL to the secured area, it would display content properly. As a test, I logged out, closed my browser and started again, this time entering an incorrect login/password - again it would not forward to the next screen properly, however this time when I typed in the full URL, it would not display as the session hadn't been created.
I've spoken briefly with my clients IT person, however he's unwilling to share any firewall information or really anything regarding their security setup - which I understand as I'm not an employee and just a contractor.
So, after long winded description - does anyone with network security experience have any idea either a) what I would need to ask the IT person to allow for their site only, or b) have any suggestions for alternate password authentication that may work given the above conditions? 

TIA
-Tim




try to use a full url instead of relative. e.g.

header('location: thankyou.php');

vs.

header('location: http://www.mysite.com/thankyou.php');

or use $_SERVER['DOCUMENT_ROOT'] for portability.

i think this is some weirdness on IE6. this worked for me.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux