Addendum: to original post

 I can change the ?userid=$userid if there's an easier way to do it but I haven't been 
able to figure that out yet.
  ----- Original Message ----- 
  From: Steph 
  Sent: Wednesday, July 11, 2001 5:45 PM
  Subject: Security and Cookies

   A friend of mine needs help, we are both PHP newbies. Here's her prob:

  I have user authentication program that uses mySQL to store the username/password 
and other information that they entered when they registered.  The secured pages use 
?userid=$userid at the end of the page name to designate who the user is. (example: 
main.php?userid=admin)  I want to make this more secure so that you can't just type 
the example in and have access to the admin files (or type in someone's username and 
have access to their files).  I'm using a cookie right now but I'm having troubles 
with it because you have to refresh the main page every time you login or it says that 
you're not a valid user.


Reply via email to