Re: Session support? #33709
10/19/00 05:10 PM
Anonymous OP
Unregistered

Ok thanks for the answers guys.
These sessions will be an interesting path to investigate.

Peelboy brought up an interesting point though, if we have lots of users online it might add on the server load.
Anyway, since we have the choice between session and cookies, all is well and everyone is happy [Big Grin]

Benj

Re: Session support? #33710
10/19/00 05:18 PM
Anonymous OP
Unregistered

Now about those handcuffs and that bike... Is there something you'd like to share with us?

Re: Session support? #33711
10/19/00 05:24 PM
Anonymous OP
Unregistered

What...I use the cuffs instead of a bikelock! [Smile]

Re: Session support? #33712
10/19/00 05:28 PM
Anonymous OP
Unregistered

That's a brilliant come-back. Bravo! [Smile]

Re: Session support? #33713
10/19/00 06:06 PM
Rick
Former Developer

What I have just realized is the way I am working with arrays in the port, I'm basically writing for php4. In php3, you can't reference an array in a string, so you have to concatenate (sp?) everything, like this:

echo "Hello " . $user['U_Username'] . ". How are you?";

where in php4 you can do this:

echo "Hello $user[U_Username]. How are you?";

The first way makes for some extremely ugly code when printing out all the info for the generated pages.

Is this going to be a problem? I can write for php3 if that's what everyone wants, but like I said it is somewhat uglier, not to mention a pain in the butt ;)

EDIT: Never mind. It turns out you just can't reference multi-dimensional arrays in strings in php3, not standard ones. Like I said, I'm still learning :)

---
Scream
http://www.wcsoft.net

Edited by Scream on 10/19/00 04:18 PM.

Re: Session support? #33714
10/19/00 06:26 PM
Anonymous OP
Unregistered

PHP 4 is the way to go, Scream.
Faster and better. If anyone has php3 on their server, they should upgrade to php4!!

Aldar

Re: Session support? #33715
10/19/00 07:14 PM
Anonymous OP
Unregistered

Session data is not mad amounts of load. It's a tiny file created initially in the /tmp directory. I use sessions on a fairly active site and I have no load issues.

Re: Session support? #33716
10/19/00 07:18 PM
Anonymous OP
Unregistered

Development on PHP3 stopped months ago and all support has been halted on it by Zend. PHP3 is dead and has long since been replaced by PHP4. PHP4 is a very stable product and has had several patches released already to add more features and not stability issues. To support PHP3 now would be a waste since by the time w3t is complete in PHP3 then they might be ready to work on PHP5.

Plus ewaddle isn't the way to handle sessions in PHP3. You use phplib to take care of sessions in PHP3. phplib is better code and it's cleaner too.

Re: Session support? #33717
10/19/00 07:25 PM
Anonymous OP
Unregistered

A session variable can be transferred in two ways (that I know of, there might be a third). They can be in a cookie or if the browser doesn't support cookies you can have PHP automatically append or you can specify in a config or in a required header to automatically check if there is a cookie and if not then append the session id to the end of the URL. With that method people without cookies turned on can access the site.

Re: Session support? #33718
10/19/00 07:32 PM
Anonymous OP
Unregistered

Actually Scream, even if the cookie data was set to be there forever then that wouldn't make it so you don't have to log out because the server keeps the data in a file in /tmp and PHP has a method for destroying these files on a random basis when they "expire". If you run phpinfo(); in PHP4 you'll see that info down a bit. gc_maxlifetime and gc_probability are the two variables that define this. gc_probability is the percent chance that the file will be destroyed. With a recommendation from Zend and my personal recommendation 5-10 is a good value for this and gc_maxlifetime is how long you want the session data to be valid. I think it's a little mislabeled because I think gc_maxlifetime actually is how long the data is saved then the probability to destroy it comes into play only when the server isn't too busy or something like that. I'm not 100% sure about that.

Re: Session support? #33719
10/19/00 07:38 PM
Anonymous OP
Unregistered

I actually edited my w3t so it doesn't save your cookies and you have to log in every time. I had several complaints from users who had two accounts and used the same computer (husband and wife / brother and sister / etc) that they'd log in under the other person's name and then when they hit logout and tried to login under their own name w3t would say "Hello, their name" in the corner but the main part of the page would say they're not logged in. At that point neither account could log in so I had to make a little script to clear all cookies from my server in the w3t folder and close all browser windows and then they'd hafta try and relogon and sometimes that didn't even work and I'd hafta explain to these people how to manually delete the cookie from their browser folder. So I just made all my cookies in w3t temp cookies and that fixed the problem.

Re: Session support? #33720
10/19/00 07:40 PM
Anonymous OP
Unregistered

My big issue is that w3t saves my password in a cookie. Totally not cool IMHO.

Re: Session support? #33721
10/19/00 07:41 PM
Anonymous OP
Unregistered

Actually I've heard of it being possible to "hack" the cookie protection of only allowing the domain that set the cookie to access it.

Re: Session support? #33722
10/19/00 07:45 PM
Anonymous OP
Unregistered

"Also.. A while back I wrote a .js file that could be included in a post on this forum.. It would pull your user name and password, then create an image tag pointing to a cgi script on my server (with a query string that contained the user name and password) From there it could store everybody's user name and password into a database (I just wanted to see if it worked.. it did.. so I reported it as a bug and deleted the scripts)"


Exact reason I hate that w3t saves my password in a cookie! It should be my username and a random number that's generated and stored with my info in the database.

Re: Session support? #33723
10/19/00 07:52 PM
Anonymous OP
Unregistered

Actually DoubleClick does know name and other info on most people. Ever fill out a form on a page with a DoubleClick ad on the top? Guess what? Their cookie with your ID goes to the company you filled the form out to asks you if they can share your info with their providers who are interested in selling their products to you. Guess who is their provider for all that other stuff. DoubleClick.. They then connect the DoubleClick database to their database and DoubleClick now knows your info. There was that lawsuit about DoubleClick doing this (which I think they won) and the lawyer was able to get his name, SSN, address, phone number, and other info from the DoubleClick database.

Re: Session support? #33724
10/19/00 07:53 PM
Anonymous OP
Unregistered

PHP sessions will help because your personal data isn't stored in cookies on your system. Plus it's not a global cookie. Plus it gets deleted when you close the browser window. Plus it's a random alphanumeric string generated each time you login.

Re: Session support? #33725
10/19/00 08:01 PM
Anonymous OP
Unregistered

"For example.. you might not strip special chars off a search form and a user could figure out a way to write code that does a select statement on the user_info table and prints it out to the screen... who knows?!?!?!"

I love doing that when someone asks me to check out their site or app that they just worked on. Scares the crap outta them. [Smile]

Re: Session support? #33726
10/19/00 08:03 PM
Anonymous OP
Unregistered

You don't need tons of RAM. They don't reside in RAM. They are stored in the /tmp directory and most of these files are less than 1/2 a KB.

Re: Session support? #33727
10/19/00 08:06 PM
Anonymous OP
Unregistered

If ya read the session info on Zend's site (Zend makes PHP) they'll explain the differences between ASP and PHP session support somewhere I remember. They are handled better in PHP than in ASP, IMHO.

Re: Session support? #33728
10/19/00 08:19 PM
Anonymous OP
Unregistered

I've never heard -any- body say that using sessions on a high load site was a good idea.. heh.. when you say fairly active does that mean 10 gigs a month data transfer? or 20 gigs a day? If you are like my friend and have a site that transfers 20 gigs a day.. I don't think you would like sessions too much.. =)

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33729
10/19/00 08:23 PM
Anonymous OP
Unregistered

Honestly.. The first way you did it is the -safe- way.. I got in a bad habit of doing it the second way, and I run into little problems here and there even on PHP4 (or even Perl for that matter) that end up being solved by switching the code to the first way of doing it.. Don't ask me why..

Even in perl I try to: print "hi ", $user, "\n";

I don't know why but I have less problems that way. (not that I run into a problem doing it the second way very often, but when I do it's annoying)

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33730
10/19/00 08:30 PM
Rick
Former Developer

The password is encrypted in the cookie.

---
Scream
http://www.wcsoft.net

Re: Session support? #33731
10/19/00 09:06 PM
Anonymous OP
Unregistered

I never said heavy traffic is good with sessions I just said I don't have problems.

Re: Session support? #33732
10/19/00 09:08 PM
Anonymous OP
Unregistered

There was a time when it wasn't and I never knew it changed to being encrypted till now.

Re: Session support? #33733
10/19/00 09:16 PM
Anonymous OP
Unregistered

oh in that case.. hehe..

on a personal site or forum that gets a lot of hits, but not a LOT of hits.. sessions work fine I'm sure.. I would use them on my personal forum if it was still up.. I just wouldn't use it on a massive site that gets a LOT of hits.. they can be evil.. [Smile]

------------------------------------------------
Jeremy 'PeelBoy' Amberg

Re: Session support? #33734
06/27/01 06:33 PM
Anonymous OP
Unregistered

I am almost shy to tell this weakness in public, but somehow this needs to be addressed. Did you fix the javascript vulnerability described above?
So yes, the password is encrypted. So at least they cannot find my password and use it in other places. But the encrypted password works to get access to wwwthreads, it works in place of the unencrypted password at login.
Imagine if they get the admin password via the javascript trick ..... Very bad. By the way, sessions might have an encrypted password in the url, and that password can be obtained in referrer logs of images. Make sure that the url does NOT contain the password.
But if someone obtains the session url immediately, real time, can't they choose the session url and just log into the same session???
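
Session settings that address the two concerns raised above (a session id carried in the URL leaking through referrer logs, and a captured id being reused), as an added example rather than UBB.threads code. The 30-minute limit, the HTTPS requirement and the `uid`/`last_seen` session keys are assumptions:

```php
<?php
// Added example: keep the session id out of URLs and limit reuse of a stolen id.
// Must run before any output is sent.
const IDLE_LIMIT = 1800; // seconds; assumed 30-minute idle limit

ini_set('session.use_only_cookies', '1');  // never accept a session id from the URL
ini_set('session.use_trans_sid', '0');     // never append the session id to links
ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);

session_set_cookie_params([
    'lifetime' => 0,       // session cookie: dropped when the browser closes
    'path'     => '/',
    'secure'   => true,    // HTTPS only (assumes the forum is served over TLS)
    'httponly' => true,    // not readable by script embedded in a post
    'samesite' => 'Lax',
]);
session_start();

// Call after the password check succeeds. $userId is a hypothetical key.
function on_login(int $userId): void
{
    session_regenerate_id(true);  // fresh id; an id seen before login is useless
    $_SESSION['uid']       = $userId;
    $_SESSION['last_seen'] = time();
}

// Returns the logged-in user id, or null when the session is absent or stale.
function current_user(): ?int
{
    if (!isset($_SESSION['uid'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_destroy();        // enforce expiry here; gc is only probabilistic
        return null;
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['uid'];
}
```

With `use_trans_sid` off the id never appears in a link, so it cannot reach another site's referrer log; the explicit idle check matters because session garbage collection only runs with the configured probability.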

Re: Session support? #33735
06/27/01 06:36 PM
Anonymous OP
Unregistered

This is very shocking, I hope you fixed this and you filter out javascript.
Well I had a guy who put up a post with javascript that opens an infinite number of browser windows. Crashed many many computers, even Linux gets into trouble with this one.
And sure the board users were pissed at the admins who did not immediately find and delete all his posts.
I cannot figure a legitimate use for javascript in a board post.

Re: Session support? #33736
11/29/01 06:11 PM
Anonymous OP
Unregistered

Can you give us pointers to where the cookies are set? I would like my forum to use a session cookie for the login. Also, I would prefer to encrypt the password and a timestamp, and when the timestamp is too old log them out.

Re: Session support? #33737
11/29/01 07:58 PM
Rick
Former Developer

That would be in the ubbt.inc.php file. There is a function called start_page. In there you will see 3 calls to setcookie().

-------------------
Rick Baker
UBBThreads developer
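
The login cookie design asked for in this thread (a username plus a random number stored with the user's record, logged out once it is too old), as an added example; it is not code from UBB.threads or w3t, and the `login_tokens` table, the `w3t_login` cookie name and the 14-day lifetime are assumptions. It uses a random token with a server-side expiry in place of the encrypted password and timestamp suggested above, so the cookie is never a password equivalent:

```php
<?php
// Added example. Table login_tokens(user_id, token_hash, expires_at) and the
// cookie name "w3t_login" are hypothetical, not taken from w3t/UBB.threads.
const TOKEN_TTL = 1209600; // 14 days, an assumed lifetime

function issue_login_token(PDO $db, int $userId): void
{
    $token = bin2hex(random_bytes(32)); // the "random number" from the thread
    $stmt = $db->prepare(
        'INSERT INTO login_tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)'
    );
    // Only a hash is stored, so a leaked table does not yield usable cookies.
    $stmt->execute([$userId, hash('sha256', $token), time() + TOKEN_TTL]);
    setcookie('w3t_login', $userId . ':' . $token, [
        'expires'  => time() + TOKEN_TTL,
        'path'     => '/',
        'secure'   => true,   // HTTPS only (assumes the forum is served over TLS)
        'httponly' => true,   // script embedded in a post cannot read it
        'samesite' => 'Lax',
    ]);
}

// Returns the user id for a valid, unexpired cookie value, else null.
function check_login_token(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT token_hash FROM login_tokens WHERE user_id = ? AND expires_at > ?'
    );
    $stmt->execute([(int) $parts[0], time()]);
    $presented = hash('sha256', $parts[1]);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $stored) {
        if (hash_equals((string) $stored, $presented)) {
            return (int) $parts[0];
        }
    }
    return null;
}

// Logging out deletes the rows, so a copied cookie stops working at once.
function revoke_login_tokens(PDO $db, int $userId): void
{
    $db->prepare('DELETE FROM login_tokens WHERE user_id = ?')->execute([$userId]);
}
```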
