  1. #16
    Regular Coder doubledee
    Quote: Originally Posted by tangoforce
    Well considering the next user would need to know the previous user's password, I think it's a no-go to be honest. You could also put the user's ID number in the form (or a hashed version of it at least / random value) so that you can compare the session data to make sure it belongs to the right user should another login with the same session id.

    As per Debbie's request, you can save the entire $_GET and $_POST arrays in the session (along with the $_SERVER so you know the original url), do your login and then check / use them as you originally would have done. This is a method I've used for a few years with minimal hassle as I also had the same problem with my site (I have a session time out / password confirmation thing which needed to remember input and act on it after the login page).
    I got it figured out.

    Before reading Tango's post, I stored the "Subject" and "Body" of the User's Session variable, and then after they log in and are re-directed back to the "Send PM" form, I use those Session variables to populate my Form.

    (The tricky part was figuring out the sequence of what to do when - as is almost always the case with coding!!)

    Seems to be working well, and I agree with Tango that this solution is secure enough for now.

    I'm sure I'll find better and safer ways to re-do my entire website with v3.0...


    Debbie
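
Added example, not part of any post in this thread: one way to hold the "Subject" and "Body" fields in the session across a re-login, bind them to a user ID as the quoted post suggests, and escape them when repopulating the form. The function names, the `pending_pm` key, the length limits and the 15-minute expiry are assumptions, and the code assumes the application knows which account the draft was typed under.

```php
<?php
declare(strict_types=1);
// Added example; function names and the 'pending_pm' key are hypothetical.

/** Save the unsent "Send PM" fields before redirecting to the login page. */
function stash_pending_pm(array &$session, array $post, int $ownerId): void
{
    $field = static fn(string $k, int $max): string =>
        is_string($post[$k] ?? null) ? substr($post[$k], 0, $max) : '';
    $session['pending_pm'] = [
        'owner'   => $ownerId,            // user the draft belongs to
        'subject' => $field('subject', 200),
        'body'    => $field('body', 10000),
        'saved'   => time(),
    ];
}

/** After a successful login: hand the draft back only to its owner. */
function restore_pending_pm(array &$session, int $loggedInId, int $maxAge = 900): ?array
{
    $draft = $session['pending_pm'] ?? null;
    unset($session['pending_pm']);        // one-shot, whatever the outcome
    if (!is_array($draft)
        || $draft['owner'] !== $loggedInId        // someone else logged in
        || time() - $draft['saved'] > $maxAge) {  // stale draft
        return null;
    }
    return ['subject' => $draft['subject'], 'body' => $draft['body']];
}

/** Escape a restored value before echoing it into the form's HTML. */
function form_value(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed demonstration; a plain array stands in for $_SESSION.
$session = [];
stash_pending_pm($session, ['subject' => 'Hi "there"', 'body' => '<b>hello</b>'], 42);

$other = $session;                        // same session, different user logs in
var_dump(restore_pending_pm($other, 7));

$draft = restore_pending_pm($session, 42);  // original user logs back in
echo '<input name="subject" value="', form_value($draft['subject']), '">', PHP_EOL;
echo '<textarea name="body">', form_value($draft['body']), '</textarea>', PHP_EOL;
```

In a real login handler, pass `$_SESSION` to these functions and call `session_regenerate_id(true)` on successful login before restoring the draft.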

  2. #17
    Regular Coder doubledee
    Redcoder,

    Not to add to the debate, but my personal reason for avoiding JavaScript and AJAX is this...

    Most systems and programmers that I see flock to JavaScript and AJAX don't focus on good design first. (I am working on a $5 million piece of junk at work that would come to a grinding halt if you turned off JS?!)

    My goal is to build a website that works entirely *without* JS, and then after I have a website that is designed well and supports clients with JS off, THEN I can consider "prettying things up" and making things "sexier" with JS.

    So far, I can get as good of a user-experience WITHOUT JS as with it.

    But that is just me.


    Debbie

  3. #18
    Regular Coder Redcoder
    I'm not a fierce advocate of Javascript as I don't even use it often in my line of work...but sometimes it's just necessary.

    But hey, whatever works for you. Ideas were bounced.

  4. #19
    Senior Coder
    Quote: Originally Posted by Redcoder
    Why does that feel like it's below the belt? Probably is...but I'll let it slide.
    Take that how you want to. Nothing was meant below the belt however you were the one who felt you needed to educate me - your 'mate'.

    Quote: Originally Posted by Redcoder
    Pause right there....Remember I said session cookie, not sessions mate. Not sessions.
    So just how would you define a session cookie then? - You clearly didn't understand the very difference between a session and a cookie. If you're storing something in a session you don't need to worry about cookies other than the default php session cookie itself. Even then, that contains no data that an attacker can use directly in the way of information which is what you were suggesting (the random form names and knowing what is what). Why on earth would anyone store anything that should be kept secure in a normal cookie?

    Seriously, you're trying to cover your tracks now from my POV. I'd have far more respect for you if you admitted you'd made a mistake. You'll see me, Fou and plenty of others admit when we're wrong around here and yes, it happens quite often.

    Quote: Originally Posted by Redcoder
    And you can be darn sure that I'm the best at what I do.
    Ok 'mate', if you say so (though actually, I'm really not sure about that)
    Last edited by tangoforce; 01-13-2013 at 03:23 AM.
    My helpful sig is on vacation trying to lose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  5. #20
    Regular Coder Redcoder
    Quote: Originally Posted by tangoforce
    So just how would you define a session cookie then? - You clearly didn't understand the very difference between a session and a cookie. If you're storing something in a session you don't need to worry about cookies other than the default php session cookie itself. Even then, that contains no data that an attacker can use directly in the way of information which is what you were suggesting (the random form names and knowing what is what). Why on earth would anyone store anything that should be kept secure in a normal cookie?
    I noticed the mistake (c'mon, even an 'overeager beginner coder' knows that, I think sessions and cookies are PHP 101).

    By the way you're pretty funny, I see why you're very popular with the ladies.


    Quote: Originally Posted by tangoforce
    Nothing was meant below the belt however you were the one who felt you needed to educate me - your 'mate'.
    I don't come here to educate anybody, only to bounce ideas or help somebody who would like to know something that I already know. This is not a workplace where we are promoted on what knowledge or degrees we have. Bounce ideas - remember that next time.

    I could say that I technically did not explicitly say that you are 'my' mate (I demand an apology so that I can respect you from my POV)...but then I'd have to get down to your level. I can't beat your experience at that...

    Quote: Originally Posted by tangoforce

    Seriously, you're trying to cover your tracks now from my POV. I'd have far more respect for you if you admitted you'd made a mistake. You'll see me, Fou and plenty of others admit when we're wrong around here and yes, it happens quite often.

    So what you are trying to extort from me is a confession that I made a mistake 'In my over-eagerness to be a coder'? That's kinda pathetic...even from you.


    Quote: Originally Posted by tangoforce
    Ok 'mate', if you say so (though actually, I'm really not sure about that)
    That helps you feel better about yourself doesn't it....well, suit yourself.
    Last edited by Redcoder; 01-13-2013 at 04:05 AM.

  6. #21
    Senior Coder
    Quote: Originally Posted by Redcoder
    I noticed the mistake (c'mon, even an 'overeager beginner coder' knows that, I think sessions and cookies are PHP 101).
    Yet you were the one promoting it?

    Quote: Originally Posted by Redcoder
    By the way you're pretty funny, I see why you're very popular ...
    What the? Now you're trying to make it personal. Throwing insults at people about personal stuff that you've no idea about really is below the belt. I'm not only reporting your post, I'm also going to ask for you to be dealt with by a moderator.

    Quote: Originally Posted by Redcoder
    I don't come here to educate anybody, only to bounce ideas or help somebody who would like to know something that I already know.
    So why are you bouncing around ideas that you a) don't understand properly yourself?

    Quote: Originally Posted by Redcoder
    This is not a workplace where we are promoted on what knowledge or degrees we have. Bounce ideas - remember that next time.
    Which is what I was doing. You were the one trying to pick my ideas to bits because you didn't understand them or how the http process really works. You have a history of that remember? - You claimed that MySQL could also be accessed via a http connection a few days ago too.

    Quote: Originally Posted by Redcoder
    I could say that I technically did not explicitly say that you are 'my' mate (I demand an apology so that I can respect you from my POV)...but then I'd have to get down to your level. I can't beat your experience at that...
    Grow up. I don't owe you an apology for anything. If anyone owes anyone an apology it's you who owes me one. You're the one trying to ram this ajax idea down people's throat, you're the one demanding that I have to agree with you on it etc and you're the one who had no concept of sessions and cookies.

    Quote: Originally Posted by Redcoder
    So what you are trying to extort from me is a confession that I made a mistake 'In my over-eagerness to be a coder'? That's kinda pathetic...even from you.
    No, I'm saying I would have had more respect for you if you'd just 'fessed up and admitted you'd blundered - just like you did the other day when I pointed out the http thing with the mysql connection. You admitted it was a blunder and I respected that.

    Quote: Originally Posted by Redcoder
    That helps you feel better about yourself doesn't it....well, suit yourself.
    Not really. Most of your advice is good but when you're wrong on something and someone points it out, you might as well just accept it, learn from it and move on. Not be all hostile about it. It's no secret that DoubleDee and myself have had numerous spats on this forum - really strong ones (she's another who'll disagree with me with ease - I'll put forward a good idea but she won't like it frequently) and I've threatened to ignore her a few times yet she continues coming here for help, I continue putting ideas forward and she continues to read them. That's just how things go - you cool down for a bit, forget the past and carry on.

  7. #22
    Regular Coder Redcoder
    Quote: Originally Posted by tangoforce
    Yet you were the one promoting it?
    The only idea I fully promoted is Ajax. I stuck to my sh!% when you started talking sh%!

    What the? Now you're trying to make it personal. Throwing insults at people about personal stuff that you've no idea about really is below the belt. I'm not only reporting your post, I'm also going to ask for you to be dealt with by a moderator.
    Okay. Go tell mummy.



    So why are you bouncing around ideas that you a) don't understand properly yourself?
    Remember, there is a difference between not understanding and making an error in writing.

    And even if I don't understand (which I do), that's the whole point of bouncing ideas...ain't it?


    You have a history of that remember?
    History? Reeeaaally? That's what you could come up with to justify your argument? History of making mistakes is it? Please, point out the many times I make mistakes and why I am a 'overeager to be a coder'.


    You're the one trying to ram this Ajax idea down people's throat, you're the one demanding that I have to agree with you on it etc
    Dude....you must really hate discussions. I have nothing against other people's ideas - I just like to probe and see why somebody thinks his/her idea fits, it gives you a perspective. You should try it some day.

    How will you know that your idea is really bulletproof if others have not tested it?

    ...and you're the one who had no concept of sessions and cookies.
    I'm pretty sure I have.



    You know what I think, I think you need to take a chill pill.

  8. #23
    Senior Coder
    Quote: Originally Posted by Redcoder
    I stuck to my sh!% when you started talking sh%!

    ...

    You know what I think, I think you need to take a chill pill.

  9. #24
    Regular Coder Redcoder
    Quote: Originally Posted by tangoforce

    I stuck to my sh!% when you started talking sh%!

    ...

    You know what I think, I think you need to take a chill pill.
    Clever. Clever play. But it doesn't hide the fact that a dude using roll eyes is weird.


 