On Friday 20 December 2002 22:20, Edward Peloke wrote:
> Ok,
> Newbie Question.....
> I know have a login and registration page on my website.  What is the best
> way to check to see if the users have logged in before they access the
> other pages?  SHould I add to each of the other url's ?clientid='' and if
> it is an empty string I know they haven't logged in?

Use sessions. After you've validated their username and password, set a 
session variable to show that they're logged in. Storing the login status in 
the URL is an extremely bad idea. What's to stop people who haven't logged in 
from adding/setting their own clientid?

Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

I got vision, and the rest of the world wears bifocals.
                -- Butch Cassidy

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to