In a revised scheme for a customer I'm doing # 3.

User can come into any page, a bit of PHP at the top does this:
starts session
registers "origin"
assigns PHP_SELF to $origin
checks to see if another session var is set and directs to logon page if not
    if( !session_is_registered( "member_id" ) ) { header("Location: 

    Where they are logged on and member_id is set. There's nothing magic 
about member_id, it's simply a token and has no content. After 
authentication the user is returned, via a header command, like so:
    header("Location: $origin");

If authentication fails they loop on the logon page, which has links to 
a  registration and lost my password  forms.

The neatest part of this is that any page can be protected from 
unauthorized viewing merely adding a bout 6 lines of code at the top and 
saving it with a php rather than html extension.

Regards - Miles Thompson

At 12:47 PM 12/4/2001 -0500, Jim wrote:

>There are many different ways to do this ...
>1. Have the same PHP script that validates generate the login page. This 
>way the script always has the correct data and you don't need to pass anything.
>2. Header("Location: login.php?err=$err&user=$user&pass=$pass");
>This will work, but the bad password will be visible in the query string.
>3. Start a session at the login page and register the variables you need 
>to use on the login page.
>>I wonder if someone could tell me whether or not the following is
>>I have an HTML form which passes a username and password to a PHP script
>>for validation. If either is not valid, I would like it to return to the
>>previous page - carrying with it a variable plus the submitted form
>>if (strlen ($password1) <4 ) {
>>    $err = "Password must be more than 4 characters long";
>>    header("Location:http://somelocation.php";);
>>    // ^-- at the location, the $err and form variables will be available
>>    exit;
>>Is it possible to this without using an HTML form?
>>Thanks very much in advance.
>>- Best regards,
>>PHP General Mailing List (
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>Jim Musil
>Multimedia Programmer

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to