Do you want a refresh on the current page when the login is successful? Upon successful login, it will refresh your current page (welcome.php), then the script (welcome.php) will see that the user is logged in and will display the welcome screen content rather that the login content.
Or would you rather do it more "Web 2.0 style" without the browser refresh, and have the login content disappear, and the welcome content display in place? What exactly is the client seeing on welcome.php that makes it insecure? I don't see the issue. On Feb 13, 8:30 am, phicarre <[email protected]> wrote: > The question was "How to call welcome.php from my jquery script in a > secured manner ?" because welcome.php is visible from the client side. > > On 13 fév, 13:19, Rene Veerman <[email protected]> wrote: > > > Rene Veerman wrote: > > > // $pwh = md5 ($users->rec["user_password_hash"] . > > > $challenge); > > > Ehm, best to use Either sha256 OR md5 for BOTH fields ofcourse ;) > > It was a hasty paste. > >
