If you test $HTTP_SESSION_VARS["uid"] instead, you'll know that it came
from a session and not from a GET variable.
- Tim
On 14 Aug 2001 08:42:22 -0300, Christian Dechery wrote:
> I have pages that uses session for security that looks something like this:
>
> <?php
> session_start();
>
> if( !isset($uid) )
> {
> include("include/auth.inc.php");
> auth_user();
> }
>
> more code...
> ?>
>
> so $uid tells me if the user is logged on or not...
>
> but what if somebody calls the script directly from the address bar like
> this: http://server/script.php?uid=10
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
