[phplib] How to detect cookies and javascript From: Jim Ide (JIde <email protected>)
Date: 07/14/00

Hi -

1. phplib uses cookies to pass the session id, and falls back to GET. How
can I force users to use cookies and NOT allow GETs?

2. phplib uses javascript in the crcloginform.ihtml to encrypt a challenge
value sent by the server so that the password is not sent across the link
back to the server. If javascript is not enabled (or not implemented) on
the browser, then the password is sent (in cleartext) back to the server (is
this correct?). Is there some way I can detect if the browser supports
javascript and javascript is enabled on the browser, so that the password
can NEVER be sent to the server? In other words, I want to print an error
message on the user's browser if it won't run javascript, and instruct the
user to upgrade to a newer browser.

3. Many user account managers have features such as
- allow user to change password
- force user to change password after X days
- check for easy-to-guess passwords
- set a minimum length for passwords
- prevent users from re-using passwords
- prevent logins after X invalid password attempts
- only allow logins between the hours of X and Y, on Mondays thru Fridays
Has anyone written something like this for php / phplib?

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>