I'm using the regular user authentication method, that is, check the
specified login/pass agains't the entries in the DB, if it is valid, create
the user object and register it with the section.

How can we prevent any user from creating a simple PHP page that creates a
simmilar user object, registers it with the session and then links to my
pages? One way would be to check, in each page, for the password in the
session user object and match it with the DB entry, but storing the password
in the session is not advisable, as other users in the host system may have
access to that information.

Please advise.

Thank you ver much for your time.


Pedro Alberto Pontes

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to