I have installed the phpb开发者_StackOverflow中文版b software and i am new to it, if a user access the forum via url like http://192.168.1.162/payodatalk/service/login.php?mode=login&username=uname&pwd=123
Where can i find the session variables like user name and password initialized ? i have referred the PHPBB site but still i am not clear about it. Any help on this would be useful for me.
thanks in advance
You should not allow authentication through GET request, since the requests would not be idempotent (cfr Hypertext Transfer Protocol - Method definitions).
However, to allow this you should modify phpBB's login function to fetch username and password from the $_GET supervariable instead of $_POST only (you should check $_GET if $_POST does not contain username and password, do not replace the $_POST entirely).
It can be done by changing the base code.. For that read the code structure of phpBB here
but its not safe to include pwd in the url itself .
Consider a user logs in as u specified and anyone who able to see the url from browser history can also login..
Thats a bad technique to be online and its actually reverse to the concept of authentication.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论