From: Peter <li...@gm...> - 2003-12-22 23:51:30
Hi, well, not knowing too much now about your code, still reading on I see this:

    // Master administrators can view both types
    switch ( $_POST['type'] )

That means, every user can easily make himself a master administrator by changing the content of posted variable "type" to "admin"??? Well, that might be a bigger security issue then... Maybe I am wrong here, as I still have not checked the whole code.

This somehow relates to the session-question I posed. Why don't you use native php-sessions? Built in fallback mode is a great value. If we have sessions at all, it would be more secure to keep the state of the user (admin or user) as a session var, not to be posted via a form.

ok, I'll go ahead...
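The two patterns discussed in the mail side by side, as an added illustration that is neither the project's code nor the poster's: the first function lets the posted field decide the role, the second takes the role only from a native PHP session that was populated at login. Function names and the 'admin'/'user' role values are assumptions.

```php
<?php
// Added example, not the project's own code. Shows why the role must come
// from server-side session state rather than from a posted form field.
session_start();

// --- Pattern quoted in the mail: role taken straight from the form ---
function viewTypeVulnerable(array $post): string
{
    // Any client can send type=admin, so this is not an access check at all.
    switch ($post['type'] ?? 'user') {
        case 'admin':
            return 'admin-view';
        default:
            return 'user-view';
    }
}

// --- Hardened pattern: role recorded in the PHP session at login ---
function loginUser(string $username, string $role): void
{
    // Assumed to be called only after the credentials were verified.
    session_regenerate_id(true);     // fresh session id after authentication
    $_SESSION['user'] = $username;
    $_SESSION['role'] = $role;       // 'admin' or 'user', decided server-side
}

function currentRole(): string
{
    // The session is the only source of truth; no role means plain user.
    return $_SESSION['role'] ?? 'user';
}

function viewTypeHardened(array $post): string
{
    // The posted value is never used to decide the role, only the view.
    if (currentRole() !== 'admin') {
        return 'user-view';          // non-admins always get their own type
    }
    // Only a master administrator may choose between the two types.
    return ($post['type'] ?? 'user') === 'admin' ? 'admin-view' : 'user-view';
}

// Usage: the hardened function ignores a forged type=admin from a plain user.
echo viewTypeHardened($_POST), PHP_EOL;
```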