On Saturday 30 March 2002 02:24, Omland Christopher m wrote:
> So this will work it regonizes a real user vs. a fake on I do. But I don't
> understand whats to stop someone from directly linking to a protected
> page? For example why couldn't someone just go directly to
> ...../about.php.

You're right there's absolutely nothing to stop them from doing that.

> Does this make sense? Should I have the login form in one file and the php
> script in another? Do I need to check the http header somehow to see if
> they have logged in?

The usual way to do login is that after authentication you send the user a 
cookie. On the subsequent pages that you want to protect you check for the 
presence of a valid cookie. If one is present you let them view the page, 
otherwise redirect them to a login page or something.

Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

"The only way I can lose this election is if I'm caught in bed with a dead 
girl or a live boy."
-- Louisiana governor Edwin Edwards

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to