I have my page set up to use sessions to track the users on my page.  The best way I 
have found is to give each user a "user level" to identify what areas they should or 
should not be in.  For example, if you have a page that edits the news content on your 
site, you might set it up like this:


if($userlevel == "admin") {
} else {


Basically, if you're not logged in as a user with Admin rights, then you don't get to 
see the page.  And since only YOU can declare what rights your users have, I don't see 
a way to spoof this.  Unless of course the person doing the spoofing KNOWS what 
variable you check to see access rights.  An adaption of this script might help.



>>> "Youngie" <[EMAIL PROTECTED]> 07/08/02 01:50PM >>>
Hi Follks

I'm writing an application that requires the user to login to gain access to
the rest of the site.
The login dailog is on index.html, once verified by login.php the user is
presented with a menu from
which he can select several options option1.htm which executes a query
through option1.php etc,
option2.htm and option3.htm  and so on. But there's nothing stopping him
from bypassing the login completely
and just brining up option2.htm directly in the browser. I'm looking for
some kind of mechanism to set a
flag for a successful logon in index.php that can be tested in the other php

I tried using a cookie and got that to work but the user can close the
browser, reopen and the cookie is still
set. I looked in to session variables but one page could seem to see the
session variable values set in the
login page, it saw the variable was registered but not the value it was set

I know this has to be a simple exercise but I'm a newbie.



PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php 

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to