> Hi,
>
> > > (2) I would advise not mixing $_SESSION and
> > > session_register() -- it's problematical in some situations. Just
> > > stick to using the $_SESSION array.
> >
> > I'm not quite sure what you mean here, can you give an example or
> > elaborate. Sorry, real newbie here... :o)
>
> $_SESSION['userid'] = 254;
>
> Where 254 is, that is the value you want to assign it.
> It's just an array. Think of it more as a global variable
> across the entire site.
>
> -Dan Joseph

So I've replaced my

session_register("userid", "userpassword");

With

$_SESSION['userid'] = $userid;
$_SESSION['userpassword'] = $userpassword;

And my:

session_unregister("userid");
session_unregister("userpassword");

With

Session_destroy();

I've also added a field to the user table called "CanEdit" that is set to "1" or "0". When the authentication function is called, I run a query that updates the user's idle timestamp, gets his/her CanEdit value and stores it to $_SESSION['CanEdit'], and returns the username.

[code begin]
function auth_user($userid, $userpassword)
{
    global $default_dbname, $user_tablename;

    $link_id = db_connect($default_dbname);
    $query = "SELECT username FROM $user_tablename WHERE userid = '$userid' && userpassword = password('$userpassword')";
    $result = mysql_query($query);

    if(!mysql_num_rows($result)) return 0;
    else
    {
        //set idle timestamp (using unixtime)
        $stamp = gmmktime();
        $query2 = "update $user_tablename set idle_time = $stamp where userid = '$userid'";
        $result2 = mysql_query($query2);

        //get the user's "CanEdit" value
        $query3 = "select CanEdit from $user_tablename where userid = '$userid'";
        $result3 = mysql_query($query3);
        $query_data3 = mysql_fetch_row($result3);
        $_SESSION['CanEdit'] = $query_data3[0];

        //Return the user's name to the calling page
        $query_data=mysql_fetch_row($result);
        return $query_data[0];
    }
}
[code end]

Then when any new page loads it first checks to see if the user has a "CanEdit" value of "1", if not it boots them back to the page they came from, if so it runs a query to check their idle timestamp and subtract it from the current unixtimestamp to find the difference. If it's greater than X they are booted back to the login screen, if it's less than X the page is loaded.

Anything look wrong or insecure with all of this?

Thanks for all the help!!!
jeff

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
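
A hardened take on the `auth_user()` flow in the message above, added here as an example and not code from the thread: it binds `$userid` through prepared statements, verifies against a `password_hash()` digest instead of MySQL's `password()`, and keeps the password out of `$_SESSION`. The `users` table, `password_hash` column, `may_edit()` helper, `IDLE_LIMIT` value and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed: users table, password_hash
// column, IDLE_LIMIT, may_edit(); in-memory SQLite stands in for MySQL.
const IDLE_LIMIT = 900; // seconds; the "X" from the post, value assumed
function auth_user(PDO $db, string $userid, string $password): ?string
{
    // Placeholders keep $userid out of the SQL text entirely.
    $st = $db->prepare('SELECT username, password_hash, CanEdit FROM users WHERE userid = ?');
    $st->execute([$userid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks against a salted hash made by password_hash().
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    $db->prepare('UPDATE users SET idle_time = ? WHERE userid = ?')
       ->execute([time(), $userid]);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id at login (fixation defence)
    }
    // Keep only the identity and the flag in the session, never the password.
    $_SESSION['userid']  = $userid;
    $_SESSION['CanEdit'] = (int) $row['CanEdit'];
    return $row['username'];
}

function may_edit(PDO $db, string $userid): bool
{
    // Re-read CanEdit and idle_time per page so a revoked flag applies at once.
    $st = $db->prepare('SELECT CanEdit, idle_time FROM users WHERE userid = ?');
    $st->execute([$userid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int) $row['CanEdit'] !== 1) return false;
    if (time() - (int) $row['idle_time'] > IDLE_LIMIT) return false;
    $db->prepare('UPDATE users SET idle_time = ? WHERE userid = ?')
       ->execute([time(), $userid]); // refresh the idle timer on activity
    return true;
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, username TEXT,
           password_hash TEXT, CanEdit INTEGER, idle_time INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, 0)')
   ->execute(['254', 'jeff', password_hash('s3cret-constructed', PASSWORD_DEFAULT), 1]);
var_dump(auth_user($db, '254', 's3cret-constructed')); // correct credentials
var_dump(auth_user($db, "254' OR '1'='1", 'x'));        // quote characters are bound as data
var_dump(may_edit($db, '254'));                          // per-page check after login
```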