Troy Moreland wrote:
> If I can't decrypt it, then I can't pass that password for the
> user. How do I keep passing the password then w/o having to write it to the
> session. Is that the right way to do it??
I don't know if this is the right way but what I would do is have a
login page that does the md5 databse lookup, if it is successful writes
the users name to a variable to the current session, maybe $verified_user
Now every page tests for $verified_user you will know if they have
logged in correctly, This approach seems to work very well for me, I
don't know if there are any major security holes though?
example:
if ( isset($verified_user) ) {
$user = $verified_user;
} else {
$user = "nobody";
}
Hope this helps, it is pretty simple really.
Regards
Joseph
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
