Env:  Apache 1.3.x/php4.0.6/mysql3.23.x
Scenario:  I have built a system that uses PHP sessions for user access.  Within the system I send user notifications via email.   Within the email are links to certain pages with variables.  For example.
My system checks to see if the session is valid.  Since the user is coming from an email.  There is no session.  So the user is prompted for the user and password.  They enter and click submit.  The authentication passes the user to right page, but losses the variables in the query string.  Thus causing errors.
Here is the authentication code...
#### set session settings from login form
if (!session_is_registered("valid_user") && $session_login=="proc") {
 if ($userid && $password) {
    // if the user has just tried to log in
    $db_conn = mysql_connect("localhost");
    mysql_select_db("$dbname", $db_conn);
    $query = "select * from auth_users "
           ."where auth_username='$userid' "
           ." and auth_password='$password' ";
    $result = mysql_query($query, $db_conn);
    if (mysql_num_rows($result) >0 ) {
      // if they are in the database register the user id
      $valid_user = $userid;
    } else {
   $invalid_login= "Invalid login:  Could not log you in...
   <!--ERROR: $dbname <P> $query-->";
Any Ideas on how to pass the query string variables through the authentication process? 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to