Brooks [mailto:eurleif@;buyer-brokerage.com]
> Sent: Monday, October 28, 2002 9:08 PM
> To: Daevid Vincent
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] The Ethics and Access of Login
That's a HUGE security flaw! Anyone could send that in a GPC value and
get unauthorized access! USE $_SESSION['login'] INSTEAD!!!
Daevid Vincent wrote:
> Then at the top of each page, just check if they're logged in or not.
> if( !$login ) { Header("Location: ".$LOGINPAGE."\n\n"); exit; }
--
Well, what I would suggest is you log them in once, then set a session
variable such that $_SESSION["login"] = true;
Then at the top of each page, just check if they're logged in or not.
if( !$login ) { Header("Location: ".$LOGINPAGE."\n\n"); exit; }
No hit to the db for every page.
If you're
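
The flaw and the fix discussed in this thread, as an added example that is not part of the original messages. It assumes the bare `$login` check runs with register_globals enabled; `extract()` stands in for that setting, and the function names and sample inputs are hypothetical.

```php
<?php
// Added example; function names and sample inputs are hypothetical.

// Emulates register_globals (assumed enabled in the thread's setup):
// request and session keys become plain variables, request values first.
function check_with_globals(array $gpc, array $session): bool
{
    extract($gpc);          // a GET/POST/cookie key "login" defines $login
    extract($session);      // a real session value would overwrite it
    return !empty($login);  // same test as: if( !$login ) { redirect }
}

// Reads the flag only from server-side session data.
function check_with_session(array $session): bool
{
    return isset($session['login']) && $session['login'] === true;
}

// Page guard for real use: call at the top of each protected page.
function require_login(string $loginPage): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
        header('Location: ' . $loginPage);
        exit;
    }
}

// Constructed inputs: a visitor who never logged in, one who did,
// and a request that carries its own "login" value.
$noSession     = [];
$loggedIn      = ['login' => true];
$forgedRequest = ['login' => '1'];

$cases = [
    'forged request, no session' => [$forgedRequest, $noSession],
    'empty request, no session'  => [[], $noSession],
    'empty request, logged in'   => [[], $loggedIn],
];
foreach ($cases as $label => [$gpc, $session]) {
    printf("%-28s globals=%s session=%s\n", $label,
        var_export(check_with_globals($gpc, $session), true),
        var_export(check_with_session($session), true));
}
```

Only the first case differs between the two checks: the request-supplied value satisfies the bare variable test, while the session-based test ignores it.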