Oh yeah. My bad. I forgot. I changed my directives to be smarter than that ;-)

http://www.php.net/manual/en/configuration.directives.php

Yes, the person is passing it in, but it will get overridden by the session and mooted out.

> -----Original Message-----
> From: Leif K-Brooks [mailto:eurleif@buyer-brokerage.com]
> Sent: Monday, October 28, 2002 9:08 PM
> To: Daevid Vincent
> Cc: php-db@lists.php.net
> Subject: Re: The Ethics and Access of Login
>
> That's a HUGE security flaw! Anyone could send that in a GPC value and
> get unauthorized access! USE $_SESSION['login'] INSTEAD!!!
>
> Daevid Vincent wrote
>
> >Then at the top of each page, just check if they're logged in or not.
> > if( !$login ) { Header("Location: ".$LOGINPAGE."\n\n"); exit; }
>
> --
> The above message is encrypted with double rot13 encoding.
> Any unauthorized attempt to decrypt it will be prosecuted to
> the full extent of the law.
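The two login checks argued over in this thread, side by side, as an added example that is not part of any poster's message. It models register_globals as a plain array merge (request values first, session values on top, which is the ordering the reply relies on) so it runs on current PHP; the function names and sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example: register_globals was removed in PHP 5.4, so the import of
// request and session values into one scope is simulated with arrays here.

/**
 * Assumed import order: GET, POST, COOKIE, then session values on top.
 * With string keys, array_merge() lets later arrays override earlier ones.
 */
function simulate_globals(array $get, array $post, array $cookie, array $session): array
{
    return array_merge($get, $post, $cookie, $session);
}

/** The check from the thread: trusts whatever ended up in $login. */
function weak_is_logged_in(array $globals): bool
{
    return !empty($globals['login']);
}

/** The check recommended in the thread: reads only the session store. */
function strict_is_logged_in(array $session): bool
{
    return isset($session['login']) && $session['login'] === true;
}

// Constructed sample requests: [GET parameters, session contents].
$cases = [
    'logged-in user, no parameter'     => [[], ['login' => true]],
    'anonymous user, no parameter'     => [[], []],
    'anonymous user, ?login=1 in URL'  => [['login' => '1'], []],
    'logged-out user, ?login=1 in URL' => [['login' => '1'], ['login' => false]],
];

foreach ($cases as $label => [$get, $session]) {
    $globals = simulate_globals($get, [], [], $session);
    printf(
        "%-34s weak=%-5s strict=%s\n",
        $label,
        var_export(weak_is_logged_in($globals), true),
        var_export(strict_is_logged_in($session), true)
    );
}
```

The session value only replaces the request value when the session actually contains a `login` key; in the third case it does not, so the two checks disagree.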