MoJo85
05-07-2001, 01:03 AM
I just took a script (below) and added it to my website. It integrates the vBB login with a non-vb website. So when I was doing this I thought about the security issue. So I'm wondering how secure is this script. Is it secure enoght that I just have to portect myphpAdmin and the mySQL database?? or is this just a script that looks like its protecting something
Any comments would be appreciated.
Thanks for any help.
Here is the php script...
<?
chdir($DOCUMENT_ROOT . "/bulletinboard");
require($DOCUMENT_ROOT . "/bulletinboard/global.php3");
if ($bbuserid == 0)
{
eval("echo standarderror(\$bbtitle,\"".gettemplate("error_nopermission")."\");");
exit;
}
if ($bbusername == "" || (isset($bbusername))==0)
{
$getusername=$DB_site->query_first("SELECT username FROM user WHERE userid=$bbuserid");
$username=$getusername[username];
$bbusername = $username;
}
else
{
$username = $bbusername;
}
?>
<html>
<title>Secure Area</title>
<body><font face=verdana,arial,sans-serif size=2>You should only be able to see this if you're logged in.<p>
</font>
</body>
</html>
Any comments would be appreciated.
Thanks for any help.
Here is the php script...
<?
chdir($DOCUMENT_ROOT . "/bulletinboard");
require($DOCUMENT_ROOT . "/bulletinboard/global.php3");
if ($bbuserid == 0)
{
eval("echo standarderror(\$bbtitle,\"".gettemplate("error_nopermission")."\");");
exit;
}
if ($bbusername == "" || (isset($bbusername))==0)
{
$getusername=$DB_site->query_first("SELECT username FROM user WHERE userid=$bbuserid");
$username=$getusername[username];
$bbusername = $username;
}
else
{
$username = $bbusername;
}
?>
<html>
<title>Secure Area</title>
<body><font face=verdana,arial,sans-serif size=2>You should only be able to see this if you're logged in.<p>
</font>
</body>
</html>