On Friday 20 December 2002 22:20, Edward Peloke wrote:
> Newbie Question.....
> I know have a login and registration page on my website. What is the best
> way to check to see if the users have logged in before they access the
> other pages? SHould I add to each of the other url's ?clientid='' and if
> it is an empty string I know they haven't logged in?
Use sessions. After you've validated their username and password, set a
session variable to show that they're logged in. Storing the login status in
the URL is an extremely bad idea. What's to stop people who haven't logged in
from adding/setting their own clientid?
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
I got vision, and the rest of the world wears bifocals.
-- Butch Cassidy
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php