Ok, I've got a login page that has these funtions to set the userid and password to session variables....
[code start] session_start(); if(!isset($userid)) { login_form(); exit; } else { session_register("userid", "userpassword"); $username = auth_user($userid, $userpassword); if(!$username) { session_unregister("userid"); session_unregister("userpassword"); echo "Authorization failed. " . "You must enter a valid userid and password combo. " . "Click on the following link to try again.<BR>\n"; echo "<A HREF=\"$PHP_SELF\">login</A><BR>"; echo "If you do not have login, please contact Operations to obtain one.<br>\n"; exit; } else echo "welcome, $username!"; } [code end] I then have a simple test page with the following code... [code start] <?php include "./register_functions.php"; if($_SESSION['userid'] == 'bob'){ Echo $_SESSION['userid']; Echo"Access Denied Bobby boy!!!"; } else { echo"OK, since it's not Bob, it's ok"; } html_footer(); [code end] The problem is that the $_SESSION['userid'] doesn't return anything on this page.. Am I not calling the session variable correctly or not storing it correctly? In my php.ini I have globals turned off. Does this effect it? Thanks, Jeff > -----Original Message----- > From: Dan Joseph [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 02, 2003 11:39 AM > To: php > Subject: RE: [PHP] User authentication > > > Hi, > > > What is stored in the date_out column? Is that one of the > colums in > > your own created table or a standard one? > > That's the SQL table that I use to track sessions. Its > one I created. I have a functon that does a simple SQL query: > > SELECT date_out FROM sessions WHERE user_id = 12 > > Then I check to see if if date_out != 0000-00-00 > 00:00:00 and log them out if it doesn't. This method is both > good and bad. (1) I have a master log of all user logins. > (2) I can force a user to log out. Overall, it was just more > work on the sessions. I guess I'd recommend this method if > you have to keep strong security in mind. > > -Dan Joseph > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php