feha
Posts: 712
|
Posted: 02/16/2004, 1:14 AM |
|
If you set up more than one CCS application on the same server, what happens?
Yes, you want a demo of your applications, but the problem is that if a user logs in
to test one application, it saves info in sessions.
This is a bit of a problem: if you have your "real" application, let's say a
homepage, demo users could log in to the REAL application and "HACK" your
homepage; you might give them this "permission" by giving them a higher security level (GroupID) on the demo.
The session variables are the same; that's why a demo user can log in to the
"REAL" app. The same happens if you put up different demo applications, because they share the same variables.
Solution:
Open the common file, right at the beginning after the includes ...
write/add this code:
More info on how to fix it here: http://www.vision.to/vision/modules/Homepage_MOD/main.php?page_id=54&cid=8
Enjoy
_________________
Regards
feha
www.vision.to
feedpixel.com |
|
|
peterr
Posts: 5971
|
Posted: 02/16/2004, 12:36 PM |
|
feha,
Thanks for your comments, although we have a feature in CCS specifically to manage such situations.
Go to: Project Settings -> Security -> Advanced
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
feha
Posts: 712
|
Posted: 02/16/2004, 12:49 PM |
|
Thank you Peter. Yes, CCS has that feature, that is right.
I use ready-generated web apps.
So if I put two copies of the same application on the web, one demo and one "real", I won't need to regenerate the whole project again.
Just change the suffix ...
Am I right?
_________________
Regards
feha
www.vision.to
feedpixel.com |
|
|
peterr
Posts: 5971
|
Posted: 02/16/2004, 12:54 PM |
|
Yes, in this case your solution should work well.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
GASTAN
Posts: 3
|
Posted: 02/18/2004, 5:01 PM |
|
I wonder why it is supposed to work.
Because as I see it, let's say:
function CCGetUserLogin()
{
    return CCGetSession("UserLogin");
}
will return the value of the "UserLogin" variable from the session no matter how
the constant UserLogin is defined.
The function should look like this:
function CCGetUserLogin()
{
    return CCGetSession(UserLogin);
}
to work fine with those proposed define statements.
Unless I am missing some quite important concept in PHP scripting as a whole.
Quote peterr:
Yes, in this case your solution should work well.
|
|
|
feha
Posts: 712
|
Posted: 02/18/2004, 5:22 PM |
|
Quote GASTAN:
I wonder why it is supposed to work.
I have tested it in practice, it works ...
It defines another variable name for UserID no matter if you still
call it UserID ...
If you have a local server, check the session data...
PHPSESSID=61a653d4cbf989e4f6188598fcd409df|N;|s:32:"61a653d4cbf989e4f6188598fcd409df";UserIDXTX2|s:1:"3";UserLoginXTX2|s:14:"info@vision.to";UserPasswordXTX2|s:4:"O.K.";GroupXTX2|s:1:"5";THEME|s:0:"";Admin_Level|s:10:"Enterprise";InsertAllowed|s:1:"1";UpdateAllowed|s:1:"1";DeleteAllowed|s:1:"0";CustGroup|s:12:"Discount 10%";CustDiscount|s:2:"10";
You see that UserIDXTX2
is with my suffix...
XTX2
so it works...
I even added the session itself to the variable to compare in my online counter if the session is still active...
_________________
Regards
feha
www.vision.to
feedpixel.com |
|
|
feha
Posts: 712
|
Posted: 02/18/2004, 5:29 PM |
|
Quote :
function CCGetUserLogin()
{
    return CCGetSession(UserLogin);
}
That's right ...
_________________
Regards
feha
www.vision.to
feedpixel.com |
|
|
GASTAN
Posts: 3
|
Posted: 02/19/2004, 10:17 AM |
|
Wait a minute:
You have return CCGetSession(UserLogin);
?
So it works for you.
But I have return CCGetSession("UserLogin");
(And I suppose other guys may have the same code, as it was generated by CCS 2.2.3.60.)
So I believe it should be mentioned that this needs to be changed as well.
Quote feha:
Quote :
function CCGetUserLogin()
{
    return CCGetSession(UserLogin);
}
That's right ...
|
|
|
feha
Posts: 712
|
Posted: 02/19/2004, 10:41 AM |
|
You're right GASTAN, I forgot to mention that modification in common.php.
It looks like:
//CCGetUserID @0-EF62368C
function CCGetUserID()
{
    return CCGetSession(UserID);
}
//End CCGetUserID

//CCGetGroupID @0-D427C2CC
function CCGetGroupID()
{
    return CCGetSession(GroupID);
}
//End CCGetGroupID

//CCGetUserLogin @0-2C0E1D46
function CCGetUserLogin()
{
    return CCGetSession(UserLogin);
}
//End CCGetUserLogin

//CCGetUserPassword @0-FF9DADAF
function CCGetUserPassword()
{
    return CCGetSession(UserPassword);
}
//End CCGetUserPassword
A very important part too.
So I will update my tutorial page ...
Thanks ...
One more tip: when you set the session for the password, for security
reasons don't set it, or set only "O.K." ...
The system is not using it anyway...
As it saves the real password, not the MD5 password in your DB,
it could be a risk ...
_________________
Regards
feha
www.vision.to
feedpixel.com |
|
|
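The collision and the fix discussed in this thread, as an added example that is not code from any poster or from CCS. It assumes a shared session (simulated by the array $store), simplified stand-ins for CCSetSession/CCGetSession, hypothetical helpers groupLiteral(), groupSuffixed() and allowed(), and assumed define lines using the XTX2 suffix visible in the session dump.

```php
<?php
// Added illustration. $store stands in for the one PHP session that two
// applications on the same host end up sharing.
$store = [];

// Simplified stand-ins for the CCS helpers named in the thread.
function CCSetSession(string $name, $value): void { global $store; $store[$name] = $value; }
function CCGetSession(string $name) { global $store; return $store[$name] ?? ''; }

// Assumed per-application constants. The suffix XTX2 is the one visible in
// the session dump; the define lines themselves are not shown on the page.
define('APP_SUFFIX', 'XTX2');
define('UserID',  'UserID'  . APP_SUFFIX);
define('GroupID', 'GroupID' . APP_SUFFIX);

// Generated form: literal key, identical in every app on the host.
function groupLiteral() { return CCGetSession("GroupID"); }

// Patched form: the constant resolves to this application's own key.
function groupSuffixed() { return CCGetSession(GroupID); }

// Hypothetical access check: the page requires at least the given group level.
function allowed($group, int $required): bool { return (int)$group >= $required; }

// Constructed scenario: the unpatched demo app logs a tester in with a high
// group level, writing the plain keys into the shared session.
CCSetSession("UserID", "3");
CCSetSession("GroupID", "5");

// The "real" app now evaluates the same session with each getter form.
foreach (['literal key' => groupLiteral(), 'suffixed key' => groupSuffixed()] as $label => $group) {
    printf("%-12s group=%s admin_allowed=%s\n",
        $label, var_export($group, true), var_export(allowed($group, 5), true));
}

// With the literal key the demo login carries over into the real app.
// With the suffixed key the real app finds no login of its own and denies.
// Adding the define lines alone changes nothing while the getters still pass
// the quoted string, which is the point GASTAN raises.
```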