ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
My first thought is to use some form of encryption/decryption technique. Encrypt it in when you write out the URL, and decrypt it on the page that reads that parameter....
Well, what kind of info is this? Is it something that is set once and never changed, like an ID/username/password? I would say try using sessions. They don't show up in the url and and are really easy to learn.
I guess you could use sessions on links also, but I'm not sure how you would reset the variables each time.
Originally posted by Khabi Well, what kind of info is this? Is it something that is set once and never changed, like an ID/username/password? I would say try using sessions. They don't show up in the url and and are really easy to learn.
I guess you could use sessions on links also, but I'm not sure how you would reset the variables each time.
Yes, that's exactly the kind of info it is. What do you mean by using "sessions"? I guess I'll type that into the search on php.net and see what I find.
All I want to do is really simple though (since this is only for an assignment):
If a user logs in with a username and password to a certain part of a site, for every page in that section of the site I would just check the username and password and verify them by checking the appropriate table.
But if I pass those variables via the href, then anyone walking by could see someone's username and password.
Here's a quick Session tutorial then.. **INCLUDING CODE**
I'm leaving out the stuff about checking login against password. This is just a general TUTORIAL.
The easiest way to explain sessions are they are like cookies. It lets you store variables that follow you from page to page. So if you set up a variable named "Username" on one page using a session you can access that same variable from another page with out having to pass the variable via the URL.
They're actually pretty simple. First you HAVE to start the session. This needs to be done on any page that needs to be able to read the session data.
Code:
<?php
session_start();
?>
now you need to register your variables for the session. You only do this once. Do it before you put any data in those variables.
Code:
<?php
session_register("variable_name_here");
?>
Next you'll add whatever data you want to that variable just like you would any other
Code:
<?php
$variable_name_here = "SOME DATA HERE";
?>
now you can access $variable_name_here from any page that has session_start(); on it.
**NOTES**
session_start(); needs to be the first thing on each page (besides the <?php)
If you have any questions feel free to IM me on AIM at outtasns I'll be happy to help.
Yeah, it sounds like sessions are probably what you want, and I should have probably thought of them too, since they are what I use for the login for my own site.
I was thinking you just had some information you wanted to pass to another page, and didn't want to use a form to do that. One advantage to my encryption idea is that you would be able to bookmark URLs that pass that information. However, for a login setup, that could also be a disadvantage, because if someone had the exact URL they could view pages as a logged in user without "officially" logging in.
okay, well you're right on those. I haven't followed recently. The reason I said to register first is just because I find it easier to read But you're right you can do it either way.
Here the changes after looking at the doc. instead of having
Code:
<?php
session_register("variable_name_here");
$variable_name_here = "SOME DATA HERE";
?>
You will just simply use
Code:
<?php
$_SESSION["variable_name_here"] = "SOME DATA HERE.";
?>
Sorry for the missrep :-)
**EDIT**
Forgot to add to call the variable you'll use $_SESSION["variable_name_here"] instead of $variable_name_here
Khabi I must say you are a lifesaver! I thought I was going to have to go back and change a ton of code - but all I've had to do is add 4 lines of code (the same each time) to each page I want secure!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.