To protect certain web pages on my site, I am using the following code
inserted at the very beginning (top) of the page:
<?php
include_once( 'init.php');
if( isset( $HTTP_SESSION_VARS['session_id'] ) == FALSE ||
isset( $HTTP_SESSION_VARS['username'] ) == FALSE ){
header( 'Location: '.MEMBER_LOGIN_PAGE );
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
... Dreamweaver template code here...
</html>
Is this a recommended way of doing this?
Next, to initialize the session, a login page posts the username - password
information to a PHP script, check_login.php. The login info is checked
against a database and, if all is kosher, a new session is created and the
user is dispatched to the site's home page. Here's the relevant code:
<?php
include_once( 'init.php');
...
$username = trim($HTTP_POST_VARS['username']);
$password = trim($HTTP_POST_VARS['password']);
... if username and password check out, initialize a session...
$HTTP_SESSION_VARS['username'] = $username;
$HTTP_SESSION_VARS['session_id'] = crypt( $password );
header( 'Location: '.SITE_HOME_PAGE );
...
?>
Does this make sense? Am I missing something? Any review, advice, etc.,
would be much appreciated.
Cheers,
Michael
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
