Hello, I'm using the regular user authentication method, that is, check the specified login/pass agains't the entries in the DB, if it is valid, create the user object and register it with the section.
How can we prevent any user from creating a simple PHP page that creates a simmilar user object, registers it with the session and then links to my pages? One way would be to check, in each page, for the password in the session user object and match it with the DB entry, but storing the password in the session is not advisable, as other users in the host system may have access to that information. Please advise. Thank you ver much for your time. -- Pedro Alberto Pontes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
