In the "config.php" file in the $PSA_REGISTER_EMAIL array. What is the activateLink? I know it says 'The url for activating the password reset process' ... hugh?
In the phpSecurityAdm.html file under REQUIREMENTS the first paragraph, last line. 'You will need to have sessions support, gettext support, and trans-sid enabled as well.'
sessions support: in the php.ini file I counted 21 session switches. Can you be more specific, please?
gettext: Is this the dll in the php.ini?
trans-sid: The php.ini file has a big warning about turning this option on, are you sure?
Thanks - Steve
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
activateLink is used in the email that is sent to the user for them to click on so they can come back to the site and finish with registration/password reset. It is mostly there for people who want to set up the system to allow users to register themselves.
session.use_trans_sid should be set to 1 for the domain that you are using PSA in. This is done so that the sessions can work with browsers that don't have cookies enabled without having to hand-code the session id in all the anchor tags and form actions.
All sessions are checked against the IP address of the user in the isLoggedIn() method with the IP of the user that initiated them to verify that it is the correct user/computer requesting the information.
php.ini has security warnings about a lot of things like:
register_globals
display_errors
log_errors
error_reporting
user_dir
cgi.force_redirect
cgi.redirect_status_env
session.use_trans_sid
However, if your applications are coded correctly, and the server is set up correctly, these issues can all be avoided.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the "config.php" file in the $PSA_REGISTER_EMAIL array. What is the activateLink? I know it says 'The url for activating the password reset process' ... hugh?
In the phpSecurityAdm.html file under REQUIREMENTS the first paragraph, last line. 'You will need to have sessions support, gettext support, and trans-sid enabled as well.'
sessions support: in the php.ini file I counted 21 session switches. Can you be more specific, please?
gettext: Is this the dll in the php.ini?
trans-sid: The php.ini file has a big warning about turning this option on, are you sure?
Thanks - Steve
activateLink is used in the email that is sent to the user for them to click on so they can come back to the site and finish with registration/password reset. It is mostly there for people who want to set up the system to allow users to register themselves.
gettext is a php module for internationalization:
http://us4.php.net/manual/en/ref.gettext.php
session support means that you need to be able to use sessions:
http://us4.php.net/manual/en/ref.session.php
session.use_trans_sid should be set to 1 for the domain that you are using PSA in. This is done so that the sessions can work with browsers that don't have cookies enabled without having to hand-code the session id in all the anchor tags and form actions.
All sessions are checked against the IP address of the user in the isLoggedIn() method with the IP of the user that initiated them to verify that it is the correct user/computer requesting the information.
php.ini has security warnings about a lot of things like:
register_globals
display_errors
log_errors
error_reporting
user_dir
cgi.force_redirect
cgi.redirect_status_env
session.use_trans_sid
However, if your applications are coded correctly, and the server is set up correctly, these issues can all be avoided.