Posted by shadowshifter on 11/08/06 13:34
Thank you for your answer. The problem occurred in an internal
information system, accessible by only a few users. There is another
virtual host running, which needed the php.ini's session parameters
adapted. Since then the first authentication of the information system
is indeed able to authenticate the user/password and to redirect into
the "odd" script which comes up with the "access denied" message
lately.
Anyway, the only protected function is an index-update, so I won't
spend much more time on the matter.
> "shadowshifter" <oliver.merhof@googlemail.com> wrote in message
> news:1162983090.710184.276230@i42g2000cwa.googlegroups.com...
> > Hello,
> >
> > does anybody know what the use of the exclamation mark in "!isset" is?
>
> It is one of the basic operators; it performs a boolean NOT operation on the
> given value. I.e. if the value is FALSE, the NOT operator will make it TRUE,
> and vice versa, TRUE will become FALSE.
>
> > It seems that the script below is only willing to work properly if used
> > without "!".
>
> You are completely changing the functionality of the script to something it
> was never intended.
>
> > extract($_SESSION);
> > if(!isset($password))
> > die ("Access denied");
>
> This horrible piece of script registers all session variables as variables,
> then checks whether the session variable called 'password' exists,
> assumingly it is only present once the user has logged in. If it does not
> exist, the script stops, giving the error message 'access denied'. Once you
> remove the exclamation mark, you are no longer checking whether the user is
> logged in or not - in fact you are throwing out anyone who is. If this is
> what you want, then you can remove the entire section of code if it is all
> the same to you. Not that it was really secure in the first place...
>
> --
> "A programmer is an organism that turns caffeine into code" - lpk
> http://outolempi.net/ahdistus/ - A sporadically updated webcomic
> spam@outolempi.net | rot13(xvzzb@bhgbyrzcv.arg)
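
The check discussed in the quoted reply, next to an explicit alternative, as an added example that is not part of the original thread; the function names and the `authenticated` / `user_id` session keys are assumptions. It runs from the PHP CLI against constructed session arrays rather than a live `$_SESSION`, and shows two side effects of `extract()`: session keys overwrite the script's own locals, and a key set to null fails `isset()`.

```php
<?php
// Added example, not code from the thread. legacy_gate(), explicit_gate() and
// the 'authenticated' / 'user_id' keys are hypothetical names for illustration.

// The pattern from the thread, wrapped in a function so it can be exercised.
function legacy_gate(array $session): string
{
    $page = 'index-update';   // a local variable the script relies on
    extract($session);        // EXTR_OVERWRITE is the default: every session
                              // key becomes a variable and replaces any local
    if (!isset($password)) {  // isset() is also false when the value is null
        return 'Access denied';
    }
    return "granted: $page";
}

// Explicit check: read named keys only, compare strictly, import nothing,
// and keep the password itself out of the session.
function explicit_gate(array $session): string
{
    $page = 'index-update';
    $ok = ($session['authenticated'] ?? false) === true
        && isset($session['user_id']);
    return $ok ? "granted: $page" : 'Access denied';
}

// Constructed sample session states (not taken from the original system).
$cases = [
    'empty session'             => [],
    'legacy login'              => ['password' => 's3cret'],
    'legacy login + "page" key' => ['password' => 's3cret', 'page' => 'other'],
    'password key is null'      => ['password' => null],
    'explicit login'            => ['authenticated' => true, 'user_id' => 42],
    'flag is the string "1"'    => ['authenticated' => '1', 'user_id' => 42],
];

foreach ($cases as $label => $session) {
    printf(
        "%-28s legacy: %-24s explicit: %s\n",
        $label,
        legacy_gate($session),
        explicit_gate($session)
    );
}
```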