Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

passing userName and userPassword to pages

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

passing userName and userPassword to pages

Postby thesmashest » Thu Aug 07, 2003 8:30 am

Hi there,

I am using a simple user authentication code that lets the user enter his/her name and the password then checks the database to either permit/deny the user.

Suppose the user logged in. Now this user will be entering multiple php pages and each page will connect to the database using the user's name and password.
My question is: How can I pass the user's name and password from page to page?
I was thinking about using something like this in the authentication page;

print "<INPUT TYPE='hidden' NAME='userName' VALUE='$PHP_AUTH_USER'>";
print "<INPUT TYPE='hidden' NAME='userPassword' VALUE='$PHP_AUTH_PW'>";

And in the php pages I can do the following:


I don't think it very effecient.
Is that the only way to do ? Is it secure enough?

New php-forum User
New php-forum User
Posts: 2
Joined: Thu Jul 24, 2003 9:16 am

Postby swirlee » Thu Aug 07, 2003 1:39 pm

First of all, once you know that a user is logged in, there's no reason to be passing his/her password around. The user should enter the password at login, and that should be the last time your PHP script cares about the password.

The solution to what you want to do is called Sessions. It's a broad topic, and a little tricky to grasp at first, so I'll just point you to the documentation. To get a better understanding of it, though, I recommend you Google a few sessions tutorials.
User avatar
Posts: 2272
Joined: Sat Jul 05, 2003 1:18 pm
Location: A bunk in the back

Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.