Re: Semi-OT: PHP Login with client security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wolf wrote:
---- Tim Thorburn <immortal@xxxxxxxxxx> wrote:
Hi all,

Having a slight problem with a demo I gave at a clients last week - looking for a little advise. Part of my demo involved a password protected area - the simplified process is: client enters password on login page > if login/password match encrypted database, PHP session is created, form forwards to a secured area > secured area checks to make sure PHP session is valid > if valid display content, if not, return to login screen.

This procedure is what I've used for many years, tested on a variety of servers and connections. It works. During the demo with my client, I was able to enter login/password info, the PHP session was created - however the screen would not forward to the secured area. Instead I was pretended with a blank screen (client only has an outdated/non-updated version of IE6). If I were to type in the URL to the secured area, it would display content properly. As a test, I logged out, closed my browser and started again, this time entering an incorrect login/password - again it would not forward to the next screen properly, however this time when I typed in the full URL, it would not display as the session hadn't been created.

I've spoken briefly with my clients IT person, however he's unwilling to share any firewall information or really anything regarding their security setup - which I understand as I'm not an employee and just a contractor.

So, after long winded description - does anyone with network security experience have any idea either a) what I would need to ask the IT person to allow for their site only, or b) have any suggestions for alternate password authentication that may work given the above conditions?

TIA
-Tim

It sounds like your code is hokey, since IE is more stringent then other browsers, the code looks to be at fault.

What browsers did you test this with before taking it to the client? Firewalls shouldn't be any type of issue at all in this case, unless your browser is trying to redirect to another port, in which case, that should be something that the firewall won't affect internally anyways.
So all roads point back to code failure.

Wolf
The code has been tested on Win2k, XP, Vista, Linux and OSX - IE5.x, IE6.x, IE7, Netscape 9, Firefox 2, Firefox 5 beta 5, and Safari. Works on a variety of connections and locations outside of the clients office - does not work inside the clients office.

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux