Yes, I'm the one creating the accounts in the database; users can't create their own accounts, nor do they have permissions to create new users.
Thanks!

Jeff

> -----Original Message-----
> From: Chris Shiflett [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 03, 2003 3:09 PM
> To: Jeff McKeon; php
> Subject: RE: [PHP] User authentication
>
> --- Jeff McKeon <[EMAIL PROTECTED]> wrote:
> > Well both variables $userid and $userpassword are bounced off of a
> > user database table, if the username/password don't match then the
> > session variables are cleared with a session_destroy() call. Is that
> > a good enough validation?
>
> Yes, as long as you realize that you have now shifted the
> trust to those values in the database. As long as there is no
> way for a user to inject malicious code during the
> registration process (or however the username and password
> end up in the database), then that part should be fine.
>
> Hope that helps.
>
> Chris
>
> =====
> My Blog
>      http://shiflett.org/
> HTTP Developer's Handbook
>      http://httphandbook.org/
> RAMP Training Courses
>      http://www.nyphp.org/ramp
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
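The check discussed in this thread, as an added example that is not part of either message: the session's $userid and $userpassword are compared against the user table on each request and the session is destroyed on a mismatch. The table and column names, the function names, the in-memory SQLite database and the use of password_hash() are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are assumptions.

// In-memory SQLite stands in for the user database table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

// Account creation, done by the administrator. Bound parameters keep the
// stored value as data, whatever characters it contains.
function create_user(PDO $db, string $userid, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (userid, pwhash) VALUES (?, ?)');
    $stmt->execute([$userid, password_hash($password, PASSWORD_DEFAULT)]);
}

// Bounce the session's userid / userpassword off the user table.
// On any mismatch the session variables are cleared.
function session_is_valid(PDO $db, array &$session): bool
{
    $userid   = $session['userid'] ?? null;
    $password = $session['userpassword'] ?? null;
    if (is_string($userid) && is_string($password)) {
        $stmt = $db->prepare('SELECT pwhash FROM users WHERE userid = ?');
        $stmt->execute([$userid]);
        $hash = $stmt->fetchColumn();
        if (is_string($hash) && password_verify($password, $hash)) {
            return true;
        }
    }
    $session = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    return false;
}

// Constructed sample values; the userid contains quote and markup characters.
create_user($db, "o'brien<b>", 'correct horse');
session_start();
$_SESSION = ['userid' => "o'brien<b>", 'userpassword' => 'correct horse'];
var_dump(session_is_valid($db, $_SESSION));

// Values that came from user input are still escaped when written into HTML.
echo htmlspecialchars($_SESSION['userid'], ENT_QUOTES, 'UTF-8'), "\n";

$_SESSION['userpassword'] = 'wrong';
var_dump(session_is_valid($db, $_SESSION));
```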