On Saturday 30 March 2002 02:24, Omland Christopher m wrote: > So this will work it regonizes a real user vs. a fake on I do. But I don't > understand whats to stop someone from directly linking to a protected > page? For example why couldn't someone just go directly to > ...../about.php.
You're right there's absolutely nothing to stop them from doing that. > Does this make sense? Should I have the login form in one file and the php > script in another? Do I need to check the http header somehow to see if > they have logged in? The usual way to do login is that after authentication you send the user a cookie. On the subsequent pages that you want to protect you check for the presence of a valid cookie. If one is present you let them view the page, otherwise redirect them to a login page or something. -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk /* "The only way I can lose this election is if I'm caught in bed with a dead girl or a live boy." -- Louisiana governor Edwin Edwards */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php