phplib-users Mailing List for PHPLIB (Page 62)
Brought to you by:
nhruby,
richardarcher
From: Tarique S. <ta...@sa...> - 2002-05-20 01:20:39
|
On Sun, 19 May 2002, Bertram Simon wrote:
> I use oohforms with a templatesystem using the get_ series. If javascript on
> the client is disabled, $f->validate() won't work with servervalidation.
> It's always empty. Is this a bug?
Are you using the $err in your template
show us some code - this should work
Cheers
Tarique
--
=============================================================
PHP Applications for E-Biz: http://www.sanisoft.com
Indian PHP User Group: http://groups.yahoo.com/group/in-phpug
=============================================================
|
|
From: Bertram S. <ph...@ag...> - 2002-05-19 12:16:28
|
Hello list,
I have the following problem:
I use oohforms with a templatesystem using the get_ series. If javascript on the client is disabled, $f->validate() won't work with servervalidation. It's always empty. Is this a bug?
Thank you for your help!
Bertram
|
|
From: Giancarlo P. <gia...@na...> - 2002-05-17 16:11:28
|
>
> First step: Suppose there's a variable called A. While being nobody, this
> variable is set to 1. After logging on its value is <undefined>. Now while
> logged on this variable will be set again to 1.
> Second step: Restart the browser. While being nobody, the variable A is set
> to 3. After logging on its value is 1. Now while logged on this variable
> will be set again to 3.
> Second step: Restart the browser. While being nobody, the variable A is set
> to 12. After logging on its value is 3. etc.
>
> How can that be? I am not using any register() methods from user-classes.
Are you sure of this last statement?
A good test is to use a browser like netscape, and set the preferences/advanced to 'warn me before accepting a cookie'. This will pop-up an alert every time a cookie is set by the browser, with the cookiename and value, so you can check if a new, different session cookie is issued to you (which shouldn't) when you log on as a registered user.
Giancarlo
|
|
From: Layne W. <la...@if...> - 2002-05-17 14:15:01
|
> I don't want the html inside the blocks to print if the block
> is undefined.
> For example:
>
> <!-- BEGIN TheBlock -->
> I don't want this text to show if the block "TheBlock" is undefined.
> <!-- END TheBlock -->
>
> Do i need to hack the set_block method?
> Has anyone else already done this?
The Template class is designed for substituting text, not handling logic.
Asking Template to search all variables for valid blocks and then remove
them is going to be _extremely_ inefficient. Instead, when you have multiple
possible blocks where only one block will show, do _not_ set the block that
will show - set and clear the unused block(s).
----- search_results.tpl -----
<h1>Search Results</h1>
<!-- BEGIN list -->
<table>
<!-- BEGIN row -->
<tr>
<td>{some_data}</td>
</tr>
<!-- END row -->
</table>
<!-- END list -->
<!-- BEGIN no_list -->
<p>No items matched your query.</p>
<!-- END no_list -->
----- search_results.php -----
$t = new Template;
$t->set_file("results", "search_results.tpl");
// do a query here
if(count($results)) {
    $t->set_block("results", "row", "rows");
    // build the list here
    $t->set_block("results", "no_list");
    $t->set_var("no_list", "");
} else {
    $t->set_block("results", "list");
    $t->set_var("list", "");
}
-----
Layne Weathers
Ifworld Inc.
|
|
From: anze <an...@vo...> - 2002-05-17 14:07:19
|
> I don't want the html inside the blocks to print if the block is
> undefined. For example:
>
> <!-- BEGIN TheBlock -->
> I don't want this text to show if the block "TheBlock" is undefined.
> <!-- END TheBlock -->
>
> Do i need to hack the set_block method?
> Has anyone else already done this?
I suppose you mean that block is not parsed, but it should still be
defined... Otherwise PHPlib doesn't know that this is a block.
After set_block() use set_var("TheBlock",""). "TheBlock" is of course
varname, not block-name - but it is best to have those the same anyway.
Have fun!
Anze
|
|
From: Donncha O C. <don...@tr...> - 2002-05-17 11:41:39
|
I hacked the set_block() function to support /* and */ to define a block.= =20 Here's the patch, very simple, but I hadn't looked at the preg stuff in a= =20 while so if anyone has a better idea please post it. Note also that I had= to=20 change where the "Content" is grabbed from.=20 This was done to work around this Mozilla bug with html comments in texta= reas. http://bugzilla.mozilla.org/show_bug.cgi?id=3D133044 Donncha. PS. this is for the file: $Id: template.inc,v 1.5 2000/07/12 18:22:35 kk = Exp $ --- /home/www/include/template.inc Fri May 17 12:34:35 2002 +++ template.inc Fri May 17 12:34:30 2002 @@ -104,10 +104,11 @@ $name =3D $handle; =20 $str =3D $this->get_var($parent); - $reg =3D "/<!--\s+BEGIN $handle\s+-->(.*)\n\s*<!--\s+END $handle\s+-= ->/sm"; + $reg =3D "/(<!--|\/\*)\s+BEGIN=20 $handle\s+(-->|\*\/)(.*)\n\s*(<!--|\/\*)\s+END $handle\s+(-->|\*\/)/sm"; preg_match_all($reg, $str, $m); $str =3D preg_replace($reg, "{" . "$name}", $str); - $this->set_var($handle, $m[1][0]); + $this->set_var($handle, $m[3][0]); $this->set_var($parent, $str); } |
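Review bot: In the new $reg line, the four delimiter alternations are capturing groups, which is the only reason the content index has to move from $m[1][0] to $m[3][0]; writing them as non-capturing groups, (?:<!--|\/\*) and (?:-->|\*\/), would keep the block body at $m[1][0] and leave the set_var line untouched. The opening and closing delimiters are also matched independently of each other, so a mixed pair such as "<!-- BEGIN x */" is accepted as a valid marker; if only the two consistent forms are meant to work, the pattern should say so. $handle is still interpolated into the pattern unquoted (carried over from the old line), so a handle containing regex metacharacters changes what is matched; preg_quote($handle, '/') would close that. Finally, $m[3][0] is read without checking that preg_match_all found anything, so a missing block is passed to set_var as an undefined offset.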
|
From: dab <da...@li...> - 2002-05-17 10:24:17
|
Hi
I don't want the html inside the blocks to print if the block is undefined.
For example:
<!-- BEGIN TheBlock -->
I don't want this text to show if the block "TheBlock" is undefined.
<!-- END TheBlock -->
Do i need to hack the set_block method?
Has anyone else already done this?
thanks in advance
/dab
__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
http://www.doteasy.com
|
|
From: Tarique S. <ta...@sa...> - 2002-05-17 09:52:17
|
On Fri, 17 May 2002, Bertram Simon wrote:
> How can I work with OOH and templates from a different class (not phplib).
Just as you would do with PHPlib :-)
Tarique
--
=============================================================
PHP Applications for E-Biz: http://www.sanisoft.com
Indian PHP User Group: http://groups.yahoo.com/group/in-phpug
=============================================================
|
|
From: Bertram S. <ph...@ag...> - 2002-05-17 09:23:42
|
How can I work with OOH and templates from a different class (not phplib).
Thank you
Bertram
|
|
From: Lichte Hermann-S. <Her...@pd...> - 2002-05-16 16:10:02
|
Hello everybody!
I am trying to figure out a bug in my project for at least three weeks now and I don't have a clue what it might be so this is the last chance for me to get any help.
What I would like to do is the following: Have a webpage with default authentication. While authenticated as nobody collect data from the nobody-user and store it in session variables (works fine!). Then there is a page that forces login (using login_if(1)). After the nobody-user has successfully logged on I'd like to transfer the values of the session variables to his user variables, so that they won't be lost after he logs out.
The problem, however, is: After logging on, the session variables are corrupted. They have values other than the ones gathered before. And I don't know why. While searching for the bug, I have removed any code from my scripts that refers to user variables. I am trying to see whether the session variables keep their values before and after logging on - but the program behaves strangely:
First step: Suppose there's a variable called A. While being nobody, this variable is set to 1. After logging on its value is <undefined>. Now while logged on this variable will be set again to 1.
Second step: Restart the browser. While being nobody, the variable A is set to 3. After logging on its value is 1. Now while logged on this variable will be set again to 3.
Second step: Restart the browser. While being nobody, the variable A is set to 12. After logging on its value is 3. etc.
How can that be? I am not using any register() methods from user-classes. It's just the session-class I am interacting with. I can't figure out why this system behaves this way. I thought the session wouldn't change after logging on.
Can something like the above be done using PHPLIB and - if it can be done - what could cause such a strange behaviour?
Many thanks for any hints (even those that don't point into the right direction).
Hermann-Simon Lichte
|
|
From: Richard A. <rh...@ju...> - 2002-05-15 12:22:09
|
At 1:24 PM +0200 15/5/02, Andrey Lebedev wrote:
>Is there any possibility to create nested blocks using phplib's
>templates? I'll try to explain what I mean by example:
Here's a sample I've posted to the list before. Almost what you want.
Template:
<HTML>
<BODY>
<PRE>
<!-- BEGIN GROUP -->
{GROUPNAME}
<!-- BEGIN CELL -->
{CELLVALUE} : {CELLVALUE2}
<!-- END CELL -->
<!-- END GROUP -->
</PRE>
</BODY>
</HTML>
Script:
<?php
include("template.inc");
# create Template instance called $t
$t = new Template(".","comment");
$t->debug=true;
# define variables named page and box, referencing files
$t->set_file(array("test" => "nesttest.tmpl"));
# extract the block named "GROUP" from "test", creating a
# reference to {group} in "test".
$t->set_block("test", "GROUP", "group");
# extract the block named "CELL" from "GROUP", creating a
# reference to {cell} in "GROUP".
$t->set_block("GROUP", "CELL", "cell");
for ($i=1; $i<=3; $i++) {
    $t->set_var("cell", "");
    for ($j=1; $j<=3; $j++) {
        $t->set_var(array("CELLVALUE" => $j, "CELLVALUE2" => $j*10));
        $t->parse("cell", "CELL", true);
    }
    $t->set_var(array("GROUPNAME" => $i));
    $t->parse("group", "GROUP", true);
}
# build out from test...
$t->pparse("out", "test");
unset($t);
?>
Output:
1
1 : 10
2 : 20
3 : 30
2
1 : 10
2 : 20
3 : 30
3
1 : 10
2 : 20
3 : 30
...R.
|
|
From: Joe S. <jo...@be...> - 2002-05-15 11:57:25
|
Here's a couple of examples in previous discussions:
http://marc.theaimsgroup.com/?l=phplib&m=98101695126852&w=2
http://marc.theaimsgroup.com/?l=phplib&w=2&r=1&s=Nested+Blocks&q=b
On Wed, May 15, 2002 at 01:24:52PM +0200, Andrey Lebedev wrote:
> Hello,
>
> Is there any possibility to create nested blocks using phplib's
> templates? I'll try to explain what I mean by example:
>
snip!
|
|
From: Andrey L. <an...@nk...> - 2002-05-15 11:25:08
|
Hello,
Is there any possibility to create nested blocks using phplib's
templates? I'll try to explain what I mean by example:
Let's say we have such template (ttest.inc.html):
Page start
<hr>
<!-- BEGIN loop -->
<b>Loop begin: {LOOPNUM}</b>
<blockquote>
<!-- BEGIN subloop -->
subloop: {SUBLOOPNUM}<br>
<!-- END subloop -->
</blockquote>
<b>Loop end: {LOOPNUM}</b><hr>
<!-- END loop -->
Page end
and we want to produce output like:
Page start
Loop begin: 1
subloop: 1 - 1
subloop: 1 - 2
subloop: 1 - 3
subloop: 1 - 4
Loop end: 1
Loop begin: 2
subloop: 2 - 1
subloop: 2 - 2
subloop: 2 - 3
subloop: 2 - 4
Loop end: 2
Page end
so question is: how to do it? I was trying lot of tricks and this code
was closest, but it isn't what I need...
<?php
require("prepend.inc.php");
$tpl = new Template(".");
$tpl->set_file("page", "ttest.inc.html");
$tpl->set_block("page", "loop", "litem");
for ($i=1; $i<=2; $i++) {
    $tpl->set_var("LOOPNUM", $i);
    $tpl->set_block("loop", "subloop", "slitem");
    for ($j=1; $j<=4; $j++) {
        $tpl->set_var("SUBLOOPNUM", "$i - $j");
        $tpl->parse("slitem", "subloop", true);
    }
    $tpl->parse("litem", "loop", true);
}
$tpl->pparse("CONTENTS", "page");
?>
IMHO it must be very common and useful feature of templates, but I'm
starting to think that it's not possible... Maybe I'm missing
something?... please advise.
Thank you
--
Andrey Lebedev
Naujoji Komunikacija
|
|
From: Richard A. <rh...@ju...> - 2002-05-14 00:33:12
|
At 11:48 PM +0200 13/5/02, anze wrote:
>> The template.inc from the development tree has much nicer debugging
>> than the -stable one.
>
>Because the code you assign to variables is often (well, always) HTML code I
The template.inc in the development tree has all debugging output escaped. And nicely formatted.
...R.
|
|
From: anze <an...@vo...> - 2002-05-13 21:44:37
|
Hi!
> The template.inc from the development tree has much nicer debugging
> than the -stable one.
Because the code you assign to variables is often (well, always) HTML code I
suggest you subclass Template and change set_var and similar functions to:
function set_var($varname,$value)
{
    echo "VAR '$varname' set to: ".htmlentities($value);
    Template::set_var($varname,$value);
}
Why? Assign something like '<input type="select"...' to some var and you'll
see. PHPlib debugging capability outputs exactly what is assigned to the var,
but your browser interprets it as HTML - not good for debugging unless you
check HTML source every time (which is too cumbersome for me).
Or maybe you can find where debug is inspected and add that htmlentities()
around the var value... I didn't do it cause I subclassed Template anyway to
add parameters passing capability to it (so the designer can pass parameters
to the developer) and there was minimum hassle to add debugging.
The code above is just an example, it was written from the head and without
testing. I have used similar code when debugging though - but I don't have it
here. If you need more, let me know.
Have fun!
Anze
|
|
From: Richard A. <rh...@ju...> - 2002-05-13 21:20:25
|
At 4:44 PM -0400 13/5/02, Mike Gifford wrote:
>Ok.. How do I enable template.inc debugging.. That would likely be
>useful info..
$this->template->debug = true;
The template.inc from the development tree has much nicer debugging than the -stable one. With this version there are three levels of debugging:
* This is a bitwise mask of available debug levels:
* 0 = no debugging
* 1 = debug variable assignments
* 2 = debug calls to get variable
* 4 = debug internals (outputs all function calls with parameters).
So,
$this->template->debug = 7;
would enable full debugging including a trace of all function calls within the template class.
You can pull it out of the CVS via:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/*checkout*/phplib/php-lib/php/ext/template.inc?rev=HEAD&content-type=text/plain
...R.
|
|
From: Mike G. <mi...@op...> - 2002-05-13 20:44:17
|
Hello Nathan & Layne,
Thanks to both of you, I think I've got the problem solved.. But I've
also got some other questions following your help..
On Mon, 2002-05-13 at 16:14, Layne Weathers wrote:
> > $this->template->set_var(array( 'SIDEBAR_LINKS' =>
> > $spotlightArticles ));
> FYI: If you are only setting one variable, you can send it as two arguments
> rather than creating an array and having set_var pull it back out of the
> array.
How would that look? Like this:
$this->template->set_var($spotlightArticles='SIDEBAR_LINKS');
That doesn't look right to me, but I can't think how else to do it..
> > $this->template->parse($template, "link_row", true);
> This should be:
> $this->template->parse("link_rows", "link_row", true);
Yup.. This was my major flaw.. Thanks! I tend to copy stuff and
sometimes end up copying the wrong stuff and trying to figure out why
the heck it isn't working..
On Mon, 2002-05-13 at 16:31, nathan r. hruby wrote:
> > $this->template->parse('SIDBAR', $template);
> > $articleLinks = $this->template->get('SIDBAR');
> > return $articleLinks;
> $this->template->parse('SIDBAR', $template, TRUE);
> return $this->template->get('SIDBAR');
> Note the additional TRUE in parse().
I added that.. This just means that it appends it if it already
exists, right?
> When in doubt, enabling debugging for
> template.inc, you get to see what's
> happening exactly at every step
Ok.. How do I enable template.inc debugging.. That would likely be
useful info..
Mike
--
Mike Gifford, OpenConcept Consulting, http://www.openconcept.ca
Open Source Web Applications for Social Change
New Site Launched: http://www.patmartin.org/
War is a poor chisel to carve out tomorrows. ML King, Jr.
|
|
From: nathan r. h. <na...@ds...> - 2002-05-13 20:26:41
|
On 13 May 2002, Mike Gifford wrote:
>
> $this->template->parse('SIDBAR', $template);
> $articleLinks = $this->template->get('SIDBAR');
> return $articleLinks;
$this->template->parse('SIDBAR', $template, TRUE);
return $this->template->get('SIDBAR');
Note the additional TRUE in parse(). When in doubt, enabling debugging for
template.inc, you get to see what's
happening exactly at every step
-n
------
nathan hruby
na...@ds...
------
|
|
From: Layne W. <la...@if...> - 2002-05-13 20:08:58
|
> $this->template->set_var(array( 'SIDEBAR_LINKS' =>
> $spotlightArticles ));
FYI: If you are only setting one variable, you can send it as two arguments
rather than creating an array and having set_var pull it back out of the
array.
> $this->template->parse($template, "link_row", true);
This should be:
$this->template->parse("link_rows", "link_row", true);
Layne Weathers
Ifworld Inc.
|
|
From: Mike G. <mi...@op...> - 2002-05-13 19:36:31
|
Hello,
I'm working on migrating Back-End (a CMS that presently uses just the
templates.inc file from phplib) and have it use much more of phplib's
functionality.. It's heavily based on the work of the phpSlash team at
the moment..
Unfortunately I'm having a bit of a problem with the template.inc
file.. Not sure if it is something specifically with phplib-7.4-pre1 or
not, but thought I would bring it to the list to see if I've messed up
somewhere or if this is a bug..
The problem is essentially that dynamic content of blocks seems to be
occurring in the wrong order.
For example this simple template:
<!-- START OF TEMPLATED DISPLAY STORY be_sidebarArticleLinks.tpl -->
<!-- BEGIN link_row -->
<LI>{SIDEBAR_LINKS}
<!-- END link_row -->
<!-- END OF TEMPLATED DISPLAY STORY be_sidebarArticleLinks.tpl -->
Should produce something like this:
<!-- START OF TEMPLATED DISPLAY STORY be_sidebarArticleLinks.tpl -->
<li><a
HREF='http://office.openconcept.ca/be5/public_html/main_file.php3/62/'>Lots of Features Here!</a>
<li><a
HREF='http://office.openconcept.ca/be5/public_html/main_file.php3/81/'>uu r title</a>
<!-- END OF TEMPLATED DISPLAY STORY be_sidebarArticleLinks.tpl -->
But instead I'm getting a response like this:
<!-- START OF TEMPLATED DISPLAY STORY be_sidebarArticleLinks.tpl -->
<!-- END OF TEMPLATED DISPLAY STORY be_sidebarArticleLinks.tpl -->
<li><a
HREF='http://office.openconcept.ca/be5/public_html/main_file.php3/62/'>Lots of Features Here!</a>
<li><a
HREF='http://office.openconcept.ca/be5/public_html/main_file.php3/81/'>uu r title</a>
I'm not sure why this is happening.. Isn't really critical here, but
quite messes up lists and tables..
Also, it's frustrating that I can't seem to place elements behind the
dynamic text (though I know it is possible)..
This is all within a class, but the related function is:
/* Returns the HTML for the Spotlight Articles */
function getSpotlightArticles($mode) {
    global $_PSL, $_BE;
    $template = "sidebarLinks";
    $this->template->set_block($template,"link_row","link_rows");
    if ($mode=='full') {
        $argv_ary['fields'] = ' main.articleID, main.URLname, main.hitCounter, text.title, text.blerb ';
    } else {
        $argv_ary['fields'] = ' main.articleID, main.URLname, text.title ';
    }
    $argv_ary['conditions'] = " WHERE main.hide='0' AND main.spotlight = '1' ";
    $order='date';
    $spotlight_ary = $this->extractArticles($argv_ary,$order, '');
    for ($ii = '0' ; $ii < count($spotlight_ary) ; $ii++) {
        if(empty($spotlight_ary[$ii]['URLname']))
            $spotlight_ary[$ii]['URLname'] = $spotlight_ary[$ii]['articleID'];
        $spotlightArticles = "<A HREF='" . $_PSL['rooturl'] . "/" . $_BE['main_file'] . "/" . $spotlight_ary[$ii]['URLname']. "/'>" . $spotlight_ary[$ii]['title'] . "</A>";
        $this->template->set_var(array( 'SIDEBAR_LINKS' => $spotlightArticles ));
        $this->template->parse($template, "link_row", true);
    }
    $this->template->parse('SIDBAR', $template);
    $articleLinks = $this->template->get('SIDBAR');
    return $articleLinks;
}
Any suggestions on this would be appreciated..
Mike
--
Mike Gifford, OpenConcept Consulting, http://www.openconcept.ca
Open Source Web Applications for Social Change
New Site Launched: http://www.patmartin.org/
War is a poor chisel to carve out tomorrows. ML King, Jr.
|
|
From: Layne W. <la...@if...> - 2002-05-13 15:44:20
|
>> My initial attempt to do this involved hacking session4.inc
>> so that if $cookie_domain is an array it sends a cookie from
>> each domain listed but this doesn't appear to have worked.
>> My sessions within one site have the same ID but when I move
>> to either of the other sites I get a different ID.
>
> Just some general thoughts. First, you can't set or read cookies
> from other domains. If you wanted to go that way, the only way to
> really do it would be to set the cookie and redirect to the other
> two domains, basically a redirect circle that would end up on the
> first site again.
> I wouldn't recommend that.
Why not do what the banner ad placement companies like DoubleClick do? On each domain, link to an invisible 1x1 GIF from the other two sites. The image source url is actually a link to a PHP file with a session id using PATH_INFO or a GET variable. The image PHP script writes a session cookie to its own domain and then sends through the GIF.
Layne Weathers
Ifworld Inc.
|
|
From: Michael C. <mdc...@mi...> - 2002-05-13 03:59:21
|
On Sun, May 12, 2002 at 03:45:07PM +0100, James Stewart wrote:
> I posted on this a while back but hadn't really thought through what I
> wanted to do.
>
> I have three sites which all share a single database and which I'd like
> to share a single shopping cart. The SSL certificate is only valid for
> one of the domains so I definitely need to be able to have that domain
> access carts started at either of the other sites. Two of the sites are
> on one server and the third is on another, along with the database.
>
> I'm using session4.inc and I'm guessing the best way to handle this
> would be to send three cookies when the user first visits any of the
> sites, one from each domain, each containing the session ID. I would
> then get the same session ID when the user went to any of the sites
> during that browser session.
>
> My initial attempt to do this involved hacking session4.inc so that if
> $cookie_domain is an array it sends a cookie from each domain listed but
> this doesn't appear to have worked. My sessions within one site have the
> same ID but when I move to either of the other sites I get a different
> ID.
Just some general thoughts. First, you can't set or read cookies from other domains. If you wanted to go that way, the only way to really do it would be to set the cookie and redirect to the other two domains, basically a redirect circle that would end up on the first site again.
I wouldn't recommend that.
If you want to use the same session, and can get to the session information from all three (note that I strongly suggest using the file based sessioning for php4), then you can do what you want and pass the session id as part of each cross-site url. You should have some logic on the other sites to check the referring url on the way in. While it's true that it can be spoofed, and that doesn't make it more secure, it does keep it from being accidentally passed in from another site (i.e. someone posts a link on another site that includes a session id).
Also note that the same security issue exists on any given site, anyway. If someone nabs your session id while you're logged in, they can take over your session easily.
Anyway, if you don't feel safe just passing the session id, you can always use a shared key encryption scheme to pass information from one domain to another through url's. I just don't know what you'd gain in that case.
Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/
|
|
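An added example, not from any poster or from PHPLIB, of the shared-key idea Michael mentions as an alternative to trusting the referring URL (which, as Richard A. notes on this page, is client-supplied). It uses an HMAC signature with a shared key rather than encryption, and the receiving site checks signature, target host, expiry and single use. Function names, hosts, the key handling and the in-memory nonce store are assumptions, and the code needs PHP 7.1 or later rather than the PHP 4 of the thread.

```php
<?php
// Added example, not PHPLIB code. Hosts, key handling and function names are
// hypothetical; the nonce array stands in for a table in the shared database.

const HANDOFF_TTL = 60; // seconds a cross-site link stays valid

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): ?string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? null : $bin;
}

// Sending site: wrap the session id in a signed, short-lived, single-use token.
function issue_handoff(string $sid, string $audience, string $key, int $now): string {
    $payload = b64url_encode(json_encode([
        'sid'   => $sid,
        'aud'   => $audience,               // host allowed to redeem the token
        'exp'   => $now + HANDOFF_TTL,
        'nonce' => bin2hex(random_bytes(16)),
    ]));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Receiving site: returns the session id, or null if the token is rejected.
function accept_handoff(string $token, string $thisHost, string $key,
                        int $now, array &$seenNonces): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Check the MAC in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json   = b64url_decode($payload);
    $claims = $json === null ? null : json_decode($json, true);
    if (!is_array($claims)) {
        return null;
    }
    if (($claims['aud'] ?? null) !== $thisHost) {
        return null; // minted for a different site
    }
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] < $now) {
        return null; // stale link, e.g. one that was pasted onto another page
    }
    $nonce = $claims['nonce'] ?? '';
    if (!is_string($nonce) || $nonce === '' || isset($seenNonces[$nonce])) {
        return null; // already redeemed once
    }
    $seenNonces[$nonce] = $claims['exp'];
    return is_string($claims['sid'] ?? null) ? $claims['sid'] : null;
}

// Constructed demo values.
$key   = random_bytes(32);   // in practice provisioned to every site out of band
$seen  = [];
$now   = time();
$shop  = 'secure.shop.example';
$token = issue_handoff('c0nstructedsessionid', $shop, $key, $now);

$tampered    = $token;
$tampered[5] = $tampered[5] === 'A' ? 'B' : 'A';

$checks = [
    'valid token'      => accept_handoff($token, $shop, $key, $now, $seen),
    'replayed token'   => accept_handoff($token, $shop, $key, $now, $seen),
    'wrong site'       => accept_handoff(issue_handoff('x', 'www.other.example', $key, $now), $shop, $key, $now, $seen),
    'expired token'    => accept_handoff(issue_handoff('x', $shop, $key, $now - 3600), $shop, $key, $now, $seen),
    'tampered payload' => accept_handoff($tampered, $shop, $key, $now, $seen),
];
foreach ($checks as $label => $sid) {
    echo str_pad($label, 18), $sid === null ? 'rejected' : "accepted, sid=$sid", "\n";
}
```

The token only authenticates the handoff; the session id is still readable in the URL, so the links need the SSL connection the thread already calls for.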
From: Richard A. <rh...@ju...> - 2002-05-13 03:27:02
|
At 7:38 PM -0500 12/5/02, Walters Justin Peter wrote:
>> >will want to verify the HTTP_REFERER so that sessions can only be
>> >"hi-jacked" by your sites.
>>
>> HTTP_REFERER is supplied by the user and cannot be trusted.
>>
>
>Are you then forced to do some kind of server-side authentication?
If you pass the session ID in the url, you are effectively doing server-side authentication, because (presumably) only the server and the client know the session ID.
Assuming that is you're running an SSL connection... and that's the first thing to do when security is important!
...R.
|
|
From: Walters J. P. <jw...@sa...> - 2002-05-13 00:38:16
|
> >will want to verify the HTTP_REFERER so that sessions can only be
> >"hi-jacked" by your sites.
>
> HTTP_REFERER is supplied by the user and cannot be trusted.
>
Are you then forced to do some kind of server-side authentication? How
vulnerable are your user accounts w/ this sort of hack in place? I'm just
wondering if the age of session id's renders further security pointless,
considering it would be very difficult to get a hold of a session id.
Possibly the biggest concern is for any pages on your site that already
end up putting the session id in the URL which would then show up on
referrer logs... which happens w/ all non-cookies browsers.
Justin
_______________________________________________________
2 common misconceptions
0) Pain is bad.
1) Omniscience necessitates predestination.
|
|
From: Richard A. <rh...@ju...> - 2002-05-13 00:12:31
|
At 10:05 AM -0500 12/5/02, Walters Justin Peter wrote:
>so can you simply pass it in the URL?
That's the way I'd do it too.
>will want to verify the HTTP_REFERER so that sessions can only be
>"hi-jacked" by your sites.
HTTP_REFERER is supplied by the user and cannot be trusted.
...R.
|