Please make sure you escape all data from the $_SERVER var correctly to prevent sql injection. You need to call $db->sql_escape on the variable in the query.
Beside that, the query itself should be uppercase (Ofcourse with the correct case for the table names, so lower case) instead of the current ...
Search found 6 matches
- Sun Sep 07, 2008 5:42 pm
- Forum: [3.0/Olympus] New features discussion
- Topic: Certificate login
- Replies: 11
- Views: 73465
- Sun Sep 07, 2008 1:44 pm
- Forum: [3.0/Olympus] New features discussion
- Topic: Certificate login
- Replies: 11
- Views: 73465
Re: Certificate login
Actually, the code was surprisingly simple. I first implemented it in a complicated way before finding out the auth plugin system.
This is what is needed to do: add an autologin for the auth plugin (for exmaple includes/auth/auth_db.php) you want to use. Autologin code is very simple:
function ...
This is what is needed to do: add an autologin for the auth plugin (for exmaple includes/auth/auth_db.php) you want to use. Autologin code is very simple:
function ...
- Sat Sep 06, 2008 11:53 am
- Forum: [3.0/Olympus] New features discussion
- Topic: Certificate login
- Replies: 11
- Views: 73465
Re: Certificate login
I succeeded to modify the source to allow certificate login. You can test it in
http://valita.dy.fi/bbvalita/viewtopic.php?f=48&t=41&p=50
Try it only if you really are interested. I only have a 600Mhz pentium running on the server. It has an old discussion forum in finnish (not very popular ...
http://valita.dy.fi/bbvalita/viewtopic.php?f=48&t=41&p=50
Try it only if you really are interested. I only have a 600Mhz pentium running on the server. It has an old discussion forum in finnish (not very popular ...
- Fri Jul 11, 2008 8:56 am
- Forum: [3.0/Olympus] New features discussion
- Topic: Certificate login
- Replies: 11
- Views: 73465
Re: Certificate login
Actually, I think the apache ssl module handles the most of the login procedure. You just have to add one www-address (for example secure.my.site.com) to your site and require client certificate for that site.
After that, users can see that new www-page only if they have valid certificate. WWW ...
After that, users can see that new www-page only if they have valid certificate. WWW ...
- Fri Jul 11, 2008 7:33 am
- Forum: [3.0/Olympus] New features discussion
- Topic: Certificate login
- Replies: 11
- Views: 73465
Re: Certificate login
First, sorry for this:
BTW, from the forum rules: "Don't post bug reports, feature requests , support questions or suggestions here."
I just could not find any other place for feature requests.
I think this is a feature where most people doesn't see the benefits. But if you have once tried the ...
BTW, from the forum rules: "Don't post bug reports, feature requests , support questions or suggestions here."
I just could not find any other place for feature requests.
I think this is a feature where most people doesn't see the benefits. But if you have once tried the ...
- Tue Jul 08, 2008 8:06 am
- Forum: [3.0/Olympus] New features discussion
- Topic: Certificate login
- Replies: 11
- Views: 73465
Certificate login
If certificate login is added to phpbbs as a feature, that would allow users to login securely with one password to several phpbbs boards .
The basic idea is to have a x.509 certificate on your own pc. When you connect to the phpbbs (or any site allowing certificate login), the server can check if ...
The basic idea is to have a x.509 certificate on your own pc. When you connect to the phpbbs (or any site allowing certificate login), the server can check if ...