Yes, but unless you're doing something like a shopping cart, php
sessions are probably overkill.

For this all that he needs to do is have a login box that checks to
see if the username/password are ok, and saves them in a cookie  if
they are.

then at the top of every script you load the user's preferences if
the cookie is there and set a variable ($preferences maybe).

Then, if $preferences is there, you show the edit button.

On Wed, 21 Nov 2001 12:14:09 -0800, Fred wrote:
>I agree, if you want to do anything special with logins do not rely
>htaccess, write your own auth scripts.  On the other hand, I would
>recommend using cookies either, unless it is in conjuntion with
>PHP has great session management funtions and they should be used at
>exclusion of other authenitication methods.
>There are plenty of tutorials and scripts for this out there, but
>the basic
>steps work like this:
>1. start a session at the top of every page
>2. put a login form on at least one page
>3. when a user logs in, register the username with the session
>4. check for the username before displaying the edit buttons
>Mark <[EMAIL PROTECTED]> wrote in message
>using apache to do the authorization is the cheap and easy way. If
>you want something more advanced you should use a cookie. There's
>probably tons of sample code on
>On Wed, 21 Nov 2001 11:30:49 -0700, Nelson Goforth wrote:
>>In my project I have basic HTML pages with PHP/MySQL driven
>>In a subdirectory I have pages that allow users to change the
>>of the pages and other administrative functions.  This subdirectory
>>is protected with Apache mod_auth.
>>What I would like to do is allow authorized users to see an "Edit"
>>button on each page in the main directory, which would allow them
>>update a page right from the page itself - rather than going into
>>admin subdirectory to do it.
>>I can drive the display of an "Edit" link from the REMOTE_USER
>>environmental variable, but how can I allow the authorized users to
>>log in, while STILL allowing unfettered access by the public?  If
>>they log in under the subdirectory that log in name doesn't carry
>>back up to the top directory (I tried), even if I name the realm
>>same using the AuthName directive in .htaccess .
>>I found some basic information in the book "Professional PHP
>>Programming", but could someone point me to another resource that
>>might give a bit more detail?

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to