[Pugged] Alright, my turn
Chris Van Cleve
ciapug@ciapug.org
Tue, 24 Sep 2002 18:02:45 -0500
I'm hoping not to turn register_globals on. I'm a believer in keeping
with standards, especially for security. Besides, learning the hardway
first makes doing it the easy way that much more cake.
Chris said:
could it be if($_SESSION['usr_seclvl'] !> $auth)
I actually tried that, oddly enough. It broke the whole include file. ;)
I'll try it the simpler way Bryan mentioned and see how that goes. it
just seems odd to me that anything gets authorized except 0. That
throws me a bit.
Chris
On Tuesday, September 24, 2002, at 04:25 PM, Tim Perdue wrote:
> On Tue, Sep 24, 2002 at 03:58:18PM -0500, Chris Van Cleve wrote:
>> SO, I updated to Mac OS X 10.2 and went through the horrendous
>> discovery that my backup scheme for MySQL didn't work. Starting over
>> from scratch, and updating PHP in the process, I now have a problem
>> I'm having difficulty getting around. It worked before, but now it
>> doesn't.
>>
>> I am testing for a needed level of access for a page. The page sets a
>> variable named $auth
>> to 50, then in my authfile it tests as follows:
>>
>> if(!$_SESSION['usr_seclvl'] > $auth)
>>
>> Then display an access restricted message instead of the protected
>> page. What happens in reality, however, is it lets anyone of any
>> level other than 0 (zero) into the page. Any ideas? Need mroe info
>> than that?
>>
>> Let me know. I'll get it eventually, but I've already spent a week
>> resurrecting this already. I want speed! ;) Thanks!
>
> I haven't fully pondered your message, but I wonder if you are running
> into
> the issue where PHP is more strict now with global variables?
>
> /usr/local/lib/php.ini:
> register_globals = On
>
> That comes turned off by default.
>
> Tim
>
> --
> Founder - PHPBuilder.com / Geocrawler.com / SourceForge
> GPG Public Key: http://www.perdue.net/personal/pgp.php
> Perdue, Inc. / Immortal LLC
> 515-554-9520
> <mime-attachment>