sign in insecure, any better way ?

**ubunreal69** · Mar 23rd, 2002, 04:28 AM

is there a better method of getting / keeping a user logged in other than cookies or session variables ?

**chrisjk** · Mar 23rd, 2002, 12:49 PM

You could store the IP address of the requesting user so you know who they are. It might work but i'd stick to sessions personally

From php.net

andreyhristov at yahoo.com
12-Sep-2000 02:19

In reply to [email protected]:
When you use REMOTE_ADDR for getting the IP of the current user,

sometimes you get the IP of the ISP Cache server.
When this happens, the HTTP_X_FORWARDED_FOR is also set, it
contains the IP of the user.
So with this script, you always get the right IP:

<PRE>

if (getenv(HTTP_X_FORWARDED_FOR)){

$ip=getenv(HTTP_X_FORWARDED_FOR);

}

else {

$ip=getenv(REMOTE_ADDR);

}

</PRE>
And also:
Note that the X-Forwarded for header might contain multiple addresses,
comma separated, if the request was forwarded through multiple proxies.

Finally, note that any user can add an X-Forwarded-For header themselves.
The header is only good for traceback information, never for
authentication. If you use it for traceback, just log the entire
X-Forwarded-For header, along with the REMOTE_ADDR.
This text is written by :
[email protected] (before "And also:" and
[email protected] all other.

--
Editor's Note: We cannot trust HTTP_X_FORWARDED_FOR

**ubunreal69** · Mar 24th, 2002, 08:23 PM

Originally posted by chrisjk
You could store the IP address of the requesting user so you know who they are. It might work but i'd stick to sessions personally

From php.net

yeh, ok. i suppose i'm not really doing anything extremely, important, sessions will have to do for now hey

thanx chrisjk

**ubunreal69** · Mar 24th, 2002, 08:35 PM

****, just reading thi again confuses me, there's a PHP.NET ???

sweet, didnt know it existed. gotta check this out

**ubunreal69** · Mar 24th, 2002, 08:39 PM

ummmm, sorry, i'm stupid

i just realised

oh well, what am i talking about, i hate microsoft anyway.

btw. sorry for the *ahem* small amount of spamming.

scoutt · Mar 25th, 2002, 10:38 AM

Originally posted by ubunreal69
****, just reading thi again confuses me, there's a PHP.NET ??? sweet, didnt know it existed. gotta check this out

you didn't know there was a php.net? where did you get your php from????

**ubunreal69** · Mar 25th, 2002, 07:12 PM

lol, no, no, i meant as in like ASP.NET & VB.NET now u see how stupid it was ?

scoutt · Mar 25th, 2002, 09:10 PM

yup, it is best to leave this one alone

Thread: sign in insecure, any better way ?

Thread Tools

Display

sign in insecure, any better way ?

Posting Permissions