Jump to content
php.lv forumi

Session pārveidošana


Snaip3Rs

Recommended Posts

Es izmēģināju visu ko zināju un izmeklēju google, bet gan jau jūs varēsiet pateikt! Tātad es ielogojos un pass, username glabājās session

Ta es ieeju lapā kur var izveidot topiku un vēlos lai nebūtu jāraksta savs vārds viņš izņem no session username un automatiski to ieposto iekšā!

 

Pēc manām domām jamaina rindiņa kur ir $username=$_POST['username'];

$topic=$_POST['topic'];
$detail=$_POST['detail'];
$username=$_POST['username'];
$email=$_POST['email'];

$datetime=date("d/m/y h:i:s"); //create date time

$sql="INSERT INTO $tbl_name(topic, detail, username, email, datetime)VALUES('$topic', '$detail', '$username', '$email', '$datetime')";
$result=mysql_query($sql);

Link to comment
Share on other sites

Ja gribi redzēt visu garo kodu, lukur ir! Un es nezinu kā var pasargāt, viena droša lieta ir tas ka tikai registretie lietotāji var postot tikai! :)

 

<?php
session_start();
?>
<?php

// get data that sent from form
$topic=$_POST['topic'];
$detail=$_POST['detail'];
$username=$_POST['username'];
$email=$_POST['email'];

$datetime=date("d/m/y h:i:s"); //create date time

$sql="INSERT INTO $tbl_name(topic, detail, username, email, datetime)VALUES('$topic', '$detail', '$username', '$email', '$datetime')";
$result=mysql_query($sql);

if($result){
echo "Successful<BR>";
echo "<a href=main_forum.php>View your topic</a>";
}
else {
echo "ERROR";
}
mysql_close();
?>

Link to comment
Share on other sites

A kā viņš var nokaut ja nevar ielogoties jo man pass ir ar ar md5 un katras lapas sakuma sis kods!

 

<?php

// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
       header('Location: login.php');
}

?>

Link to comment
Share on other sites

Nu bet ja Tu uzseto $_SESSION['username']=$POST['username'] kā pagaidām izskatās, kāda nafig tur drošība?

Jebkurš un no jebkura hosta un postformas gāzīs iekšā ko vien vēlas tur.

Pie tam globāli username ir pietiekami izplatīts mainīgais un tādus jebkurš bots ražos maisiem.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...