Well, what I would suggest is you log them in once, then set a session
variable such that $_SESSION['login'] = true;
Then at the top of each page, just check if they're logged in or not.
if (empty($_SESSION['login'])) { header('Location: ' . $LOGINPAGE); exit; }
No hit to the db for every page.
If you're in the good habit of using a require() file at the header,
you can put that in there, so all those pages are protected instantly
and it makes it easy to tweak.
However, if security is really a concern, I would choose to let Apache
deal with that. Plus the nice thing is that with the .htaccess (or
better yet, the httpd.conf Directory) you are guaranteed that all
subdirectories and files are protected too. Another little detail is
that a user can bookmark a page, and get back to it easily. My method
above would require you to remember the page they
requested -> login -> jump back to the page. I dunno. I have nothing to base
this on, but I feel 'safer' with private areas being protected by the
server rather than any code I could come up with. :)
DÆVID.
-----Original Message-----
From: Sarah Gray [mailto:sarah;fabled.net]
Sent: Monday, October 28, 2002 8:52 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] The Ethics and Access of Login
list,
I have been using .htaccess pages formatted to read
username/password from a mysql database, and they work fine.
But I'm wondering, wouldn't it be simpler to simply write a
script that checks a database itself, and, if it finds the
username, goes on to the next action; and if it doesn't find
the member, shuts them out? This seems so simple that I am
sure there are good arguments against it. Am I right?
The idea, in simple terms, is a login form that calls a php
script which checks the id of the username in the form
against a database, and then the appropriate action following
their acceptance.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
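
The session check from the reply above, extended to cover the "remember the page they requested, log in, jump back" step it mentions. This is an added example, not code from the thread; the file name auth_guard.php, the /login.php path, and the function names are assumptions.

```php
<?php
// auth_guard.php (hypothetical name): require() this at the top of every page.
// Protected pages then call require_login(); login.php calls complete_login()
// after its one-time username/password check against the database succeeds.
session_start();

const LOGIN_PAGE = '/login.php'; // assumption: location of the login form

// Accept only same-site absolute paths as a return target. Rejects
// scheme-relative ("//host"), backslash variants and CR/LF, so the
// jump-back cannot become a redirect to another host or a header injection.
function safe_return_path(string $path): string
{
    return preg_match('#^/(?![/\\\\])[^\r\n\\\\]*\z#', $path) === 1 ? $path : '/';
}

// Gate for protected pages: no database hit once the session flag is set.
function require_login(): void
{
    if (!empty($_SESSION['login'])) {
        return;
    }
    // Remember what was requested (e.g. a bookmarked page), then go to login.
    $_SESSION['return_to'] = safe_return_path($_SERVER['REQUEST_URI'] ?? '/');
    header('Location: ' . LOGIN_PAGE);
    exit;
}

// Called by the login script once credentials have been verified.
function complete_login(): void
{
    session_regenerate_id(true);   // fresh session id at login blocks session fixation
    $_SESSION['login'] = true;
    $target = safe_return_path($_SESSION['return_to'] ?? '/');
    unset($_SESSION['return_to']);
    header('Location: ' . $target);
    exit;
}
```

Unlike the .htaccess or httpd.conf approach, this only protects files that actually include the guard, so static files and any script that omits the require() remain reachable.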