Have a look at Kevin Yank's article on sitepoint.com called something like "restricting page access with php and mysql".
It formed the basis of my user and session management. Basically, you should be re-checking your username and password on every page, so it shouldn't be too hard to extend this to check for which course numbers they've paid for. You'll also need to extend it so that some pages are not restricted (eg home), but still maintain/carry the session. I guess what I'm saying is to keep as much data as possible in the database, rather than in sessions, because sessions, cookies etc etc can all be spoofed or hijacked. So at the top of each page, you're checking: - if the username and password match the database - if the course # requested has been paid for If yes, then show page, else tell 'em to go away :) That's what I'd be doing... otherwise, you've asked how to assign a variable to a session, pretty much. $_SESSION['coursepaidfor'] = "45"; Which should be pretty easy to compare. Justin French on 08/07/02 7:20 PM, Anthony Rodriguez ([EMAIL PROTECTED]) wrote: > Dear Richard, > > Again thank you for your reply. I'm sorry to keep bothering you. Please > tell me when to stop. > > Let me explain what I'm trying to do and maybe you'll point me in the right > direction. > > I'm developing a "paid" Web site for business courses. Some pages will be > available to all visitors (e.g. the Home page). Other pages will be > available to "paid" visitors. The usernames, passwords, and courses paid > for will be stored in a MySQL table. One of the pages will be a form to ask > a user for his/her username, password, and course paid for. The form will > be sent to a PHP script that validates the responses. I' know how to do > this. In that PHP script I'd like to create a "session variable" (i.e.: the > course #) that would be used to validate each page of the course. > > At the top of each course page (PHP script) there would be an if statement > (if course # equals "session variable" display page, else go elsewhere). > > Can you help? > > Thank you! > > Tony > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
