|
|
Posted by Gordon Burditt on 04/13/06 02:23
>I am trying to develop a simple user authentication routine.
>
>I started with something I got from a book called "PHP in Easy Steps."
>It works like this:
>
>- create a table in a database with basic user information: name,
>login, password
>- create a simple html form which loads "authenticate.php" when the
>submit button is pushed.
>- autheticate.php checks the login against the database, and loads the
>next file, if the user is authenticated.
>
>I have all that working. The problem, if you haven't guessed, is that
>somebody can bypass the entire thing, if that person the the file(s)
>that are loaded after the authetication. i.e.
(1) Make sure that there *is* no next file. (Put it in *this* file).
(2) If there is a next file, make sure it has no URL (it's outside
the document tree).
Often, every file to be protected would include "authenticate.php"
up front. Sometimes it is useful, after successful authentication,
to output a Content-type header followed by fpassthru() called on
a file outside the document tree (this is one way to protect images or
files to be downloaded).
Whether or not you do full authentication each time or if you leave behind
a cookie or session variable which is checked later is up to you.
>http://urlname/sensitivedata.html
>
>So how do I fix this? Cookies? Can I check if the user is authenticated
>in each subsequent file that might be loaded?
Gordon L. Burditt
Navigation:
[Reply to this message]
|