> you could make them log in once per session and just have 
> every page check and see if they already have logged in and 
> if they have not then trigger the login mechanism.

This is what I do.  I have a file/function called verify that I call at
the top of every page that I want secure (and any page that might just
perform an action and then redirect to a page that displays content).

Here is how my authentication system works:

1) On any page a session is started if one doesn't already exist.

2) When they submit they submit login information it is checked against
the database.

3) If the login is approved, I session_register() the user_id field, the
user_level (if applicable), and a variable called valid.

4) I set valid = to the md5 hash of user_id.user_level.secret_variable
(secret variable is a variable set in the code so only the server knows

5) on every page the verify function checks to make sure that the
variable $valid is equal to the md5 of
user_id.user_level.secret_variable  (This works because the session
knows the user_id, and user_level, and the server knows the secret

Hope this helps.


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to