Yup, session variables are the way to go (man!)
I just set up something similar at http://www.fresh-toast.net/netmeeting,
when a user has successfully registered or logged in , a session variable
is set. Make sure to start a session at the top of your script.
session_start();
$user_id=105;
session_register("user_id");
.....
if session_is_registered("user_id") {
.....
execute user code...
}
I found that by checking if the variable is *registered* rather than *set*
you get the advantage that users can't post a form or URL to your script to
set the varible user_id in the global scope (assuming you have
register_globals switched on in php.ini, as most ISPs do) : i.e. you know
you set it rather than somebody else, and can rely on the value.
Cheers,
Neil Smith.
>Hi there. You could avoid all of that trouble by using session variables.
>Upon successful login create/register a session variable to let the system
>know who they are, then on subsequent pages you want protected do a check to
>see if it exists, if not send them on their merry way.
>
>hth Joe :)
>
>
><[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi list, hope someone can help me here.
> >
> > I have content management system I have designed. I am still learning php
>so help here would be appreciated.
> >
> > The user logs into the system, and we carry there user name over the pages
>using a link to each page with the value of their name carried over as
>follows: ../index.php?name=<?echo("$name")?>
> >
> > This works fine for the whole site, except when a user makes changes to a
>entry. Once they submit adding a new entry or modifying an existing one, the
>value of : ../index.php?name=My Name ends up being ./index.php?name=My
> >
> > It deletes the end of the name of the url, so that when the user clicks
>the link it does not really know who they are.
> >
> > I have used a hidden field to carry the value of the name over the pages,
>but it does not work on forms.
> >
> > I hope this makes some sort of sense.
> >
> > If anyone knows of a workaround.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
