Re: [Phplib-users] Registration Question
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Registration Question
|
From: <alt...@ya...> - 2002-10-25 12:40:21
|
It looks to me with the default setup that is you > are using login_if to > register and the person types an existing login name > and password, then it > will silently authenticate them. This is not a good > thing when the purpose > of auth is protection. This is true. There is a solution, but is not backwd compatible with existing phplib installations. In the form (login/register) add an hidden field, eg: <input name=req_action value=reg> or value=log then on top of your auth_validatelogin, if HTTP_POST_VATS[req_action] != "log" return false same in auth_doregister: if (req_action != "reg") return false. We thought to add this, but didn't because of bckwd compatibility Gian > Is there any way to force the person to enter > something unique when > registering besides moding auth_doregister above > auth_validatelogin? I was > thinking maybe setting a hidden form variable and > checking for its existence > in auth_validatelogin and returning false if it > existed. > > Thoughts, comments. I am trying to do something for > the examples so I want > it to be the way it was meant to work... > > Rob Hutton > Web Safe > www.wsafe.com > > ********************************************************************** > > Introducing Symantec Client Security - Integrated > Anti-Virus, > Firewall, and Intrusion Detection for the Client. > > Learn more: > http://enterprisesecurity.symantec.com/symes238.cfm?JID=2&PID=11624271 > > > > > ------------------------------------------------------- > This sf.net email is sponsored by: Influence the > future > of Java(TM) technology. Join the Java Community > Process(SM) (JCP(SM)) program now. > http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users > > ______________________________________________________________________ Mio Yahoo!: personalizza Yahoo! come piace a te http://it.yahoo.com/mail_it/foot/?http://it.my.yahoo.com/ |
