Posted by frizzle on 10/26/05 20:47
I'm definitely not moving the site! :D
Another thought: if the $_SERVER['http_referer'] is quite easy to fake,
would a hidden field with $_SERVER['REQUEST_URI'] be even easier to
fake?
I'm assuming the members WANT to login. Username & pass are checked
from the DB, so if either referer, username or pass don't match, the
user cannot login (as it is now). Is there anything wrong with this?
Now I'm also using the $_SERVER['http_referer'] for the logout action.
It doesn't contain a form, but only requests a page that destroys some
$_SESSION vars. This way I can send them back to the last page where
they were logged in.
Am I doing something wrong here then?
Frizzle.