On Tuesday 12 November 2002 02:05, Ray Seals wrote:

> I would like for my pages to generate HTML code based on a users
> rights.  For example I have a table called user and it looks like this
> userid    password    admin    user
> --------------------------------------
> me        mypass        Y
> you       yourpass               Y
> When a person logs in they are authenticated against this table.  Once
> they are logged in I would like to build a page with a few links.  If
> the person has a Y in the admin, I would like to offer an additional
> link on the page for some admin functions.
> My question is this, when a person logs in I know the user name and
> password is stored in the $_POST global.  How long does that stay
> available. 

For all practical purposes[1] just treat it as if it's not available after the 
person is logged in.

> Can I recall the userid and password, query the database and
> then generate a page based on those results? 

Yes, but see [1].

> Would I be better off
> using the session information or setting cookies?

You definitely want to be looking at sessions. Search for some "user 
authentication" tutorials.

[1] Unless you continue propagating the login info (user/password) via hidden 
elements in a form (which btw, is a very foolish thing to do) they would only 
be available on the page that is handling your login.

Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

Experience is not what happens to you; it is what you do with what happens
to you.
                -- Aldous Huxley

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to