> What I do on my pages is perhaps a convoluted way of doing it but it
> works. I set a username and password session variables. Every time
> page loads the script verifies the username and password are correct.
> not, they don't get to see the rest. This, in my mind, pervents
> from supplying a key variable like $_session['logged_in']. This way
> have to know the username and password.
But users can't supply session variables. So if your script sets
$_SESSION['logged_in'], then only your script can change it's value.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php