- prons with password scripts (newbie)
July 27, 2004, 8:06 am
programs, what seems will take 10 minutes ends up taking 10 hours.. I
suspect the answer is of the type 'if you know it, it's easy'
I want to password-protect *each* of my photo albums from one page
using PHP so
I downloaded and incorporated a free PHP script to do this.
The script worked fine on my home machine.
However, when I used a different machine, I only had to enter a
password once for *any* of the albums and all the other albums
instantly became freely accessible.
The site structure is something like this (under each album directory
there are three extra files that provide the protection)
and so on
FYI - I opted for using 'sessions' not 'cookies'
I have two questions:
1) why did one machine demand a password for only the first album
requested, then provide free access to all the others (thus defeating
the whole objective of password protection)?
It bothers me that the script worked fine on one machine then was crap
on another (I'm confused because I thought PHP was supposed to be
independent of the client's browser, platform or whatever)
2) I have decided not to use the *logout* script.. hence logout.php
serves no purpose as I removed the 'logout' button from the photo
Is this related to (1)?
From my understanding, logout is only useful if people access my site
from a machine with different users (eg in a cybercafe). Leaving it
out means that visitors using the same machine do not have to log in
each time they visit the page, ie particular photo album.
Is this correct?
thanks for any help
Re: prons with password scripts (newbie)
questions, I'll try and clear some things up for you:
Without the logout button, you are leaving the session open. This means that
the server will wait for a pre-determined amount of time (20 mins normally)
before forgetting the browser that made the call. The session relies on the
browser staying on your site too. If the user closes the browser and opens
it again, then it starts with a new identity, therefore the server won't
match it to the open session, and will create a new one (hoping that the
browser you have now closed will come back to the first session).
You will need to set a cookie that expires a while off in the future, and
use this to identify the user that logged in before.
Finally, the session will work across the server... Therefore you need to
build in to the session a way of seeing which photo album has been logged in
to, and work out if they have access to the current one. Otherwise, once
logged in on one, the session will remain and they will appear to be logged
in on all of the photo albums.
With cookies, you can set the path on the server that the cookie refers
to... therefore the album recognition was probably built in anyway, using
that, as each album is in a different location.
Does this help? Feel free to ask more, or ask me to expand.
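The per-album check described in the reply above, as an added example that is not part of the original thread or of the downloaded script. It contrasts a single shared "logged in" flag with a per-album grant kept in the same session; the function names, album ids and passwords are assumptions made for illustration.

```php
<?php
// Added example: one PHP session is shared by every page on the site, so the
// session must record WHICH album was unlocked, not just "logged in".

// Constructed sample data: album id => password hash. A real site would
// store precomputed hashes instead of hashing on every request.
function album_hashes(): array {
    return [
        'holiday' => password_hash('sample-holiday-pw', PASSWORD_DEFAULT),
        'wedding' => password_hash('sample-wedding-pw', PASSWORD_DEFAULT),
    ];
}

// Weak form: one site-wide flag. Unlocking any album unlocks them all.
function album_allowed_weak(array $session): bool {
    return !empty($session['logged_in']);
}

// Per-album form: a correct password grants access to that album only.
function album_login(array &$session, array $hashes, string $album, string $pw): bool {
    if (!isset($hashes[$album]) || !password_verify($pw, $hashes[$album])) {
        return false;
    }
    $session['albums'][$album] = true;
    return true;
}

// Called at the top of every page inside an album directory.
function album_allowed(array $session, string $album): bool {
    return ($session['albums'][$album] ?? false) === true;
}

// Per-album logout: drop one grant without destroying the whole session.
function album_logout(array &$session, string $album): void {
    unset($session['albums'][$album]);
}

if (PHP_SAPI === 'cli') {
    $session = [];               // stands in for $_SESSION after session_start()
    $hashes  = album_hashes();
    album_login($session, $hashes, 'holiday', 'sample-holiday-pw');
    $session['logged_in'] = true;   // what a single-flag script would store
    foreach (['holiday', 'wedding'] as $album) {
        printf("%s: weak=%s per-album=%s\n", $album,
            var_export(album_allowed_weak($session), true),
            var_export(album_allowed($session, $album), true));
    }
}
```

In a web page, pass `$_SESSION` in place of `$session` after `session_start()`, and call `session_regenerate_id(true)` after a successful `album_login()`.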