passing userName and userPassword to pages

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

thesmashest
New php-forum User
New php-forum User
Posts: 2
Joined: Thu Jul 24, 2003 9:16 am

passing userName and userPassword to pages

Postby thesmashest » Thu Aug 07, 2003 8:30 am

Hi there,

I am using a simple user authentication code that lets the user enter his/her name and the password then checks the database to either permit/deny the user.

Suppose the user logged in. Now this user will be entering multiple php pages and each page will connect to the database using the user's name and password.
My question is: How can I pass the user's name and password from page to page?
I was thinking about using something like this in the authentication page;

print "<INPUT TYPE='hidden' NAME='userName' VALUE='$PHP_AUTH_USER'>";
print "<INPUT TYPE='hidden' NAME='userPassword' VALUE='$PHP_AUTH_PW'>";

And in the php pages I can do the following:

mysql_connect('localhost','$_POST[userName]','$_POST[userPassword]);
mysql_select_db('db');


I don't think it very effecient.
Is that the only way to do ? Is it secure enough?

Thanks

User avatar
swirlee
Moderator
Moderator
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back
Contact:

Postby swirlee » Thu Aug 07, 2003 1:39 pm

First of all, once you know that a user is logged in, there's no reason to be passing his/her password around. The user should enter the password at login, and that should be the last time your PHP script cares about the password.

The solution to what you want to do is called Sessions. It's a broad topic, and a little tricky to grasp at first, so I'll just point you to the documentation. To get a better understanding of it, though, I recommend you Google a few sessions tutorials.


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 2 guests