Yup, session variables are the way to go (man!)

I just set up something similar at http://www.fresh-toast.net/netmeeting, 
when a user has successfully registered or logged in , a session variable 
is set. Make sure to start a session at the top of your script.

if session_is_registered("user_id") {
execute user code...

I found that by checking if the variable is *registered* rather than *set* 
you get the advantage that users can't post a form or URL to your script to 
set the varible user_id in the global scope (assuming you have 
register_globals switched on in php.ini, as most ISPs do) : i.e. you know 
you set it rather than somebody else, and can rely on the value.

Neil Smith.

>Hi there. You could avoid all of that trouble by using session variables.
>Upon successful login create/register a session variable to let the system
>know who they are, then on subsequent pages you want protected do a check to
>see if it exists, if not send them on their merry way.
>hth Joe :)
> > Hi list, hope someone can help me here.
> >
> > I have content management system I have designed. I am still learning php
>so help here would be appreciated.
> >
> > The user logs into the system, and we carry there user name over the pages
>using a link to each page with the value of their name carried over as
>follows: ../index.php?name=<?echo("$name")?>
> >
> > This works fine for the whole site, except when a user makes changes to a
>entry. Once they submit adding a new entry or modifying an existing one, the
>value of : ../index.php?name=My Name ends up being ./index.php?name=My
> >
> > It deletes the end of the name of the url, so that when the user clicks
>the link it does not really know who they are.
> >
> > I have used a hidden field to carry the value of the name over the pages,
>but it does not work on forms.
> >
> > I hope this makes some sort of sense.
> >
> > If anyone knows of a workaround.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to