insted of if ( $isloggedin ) user logged in
do if ( $HTTP_SESSION_VARS['isloggedin'] ) user is logged in -- Chris Lee [EMAIL PROTECTED] "Steve Maroney" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hey guys, > > I know this has been brought up several times but can't find it in the > archives of this list. > > I have some PHP 4 scripts that check the value of a "logged in" variable. > if the user authenticates him/her self, then the "logged in" variable gets > set and registered with the session. How can I stop some evil person from > passing that variable to my script using GET or POST methods ? > > I tried: > $HTTP_POST_VARS[user_authenticated] = ""; > $HTTP_GET_VARS[user_authenticated] = ""; > > and: > unset($HTTP_POST_VARS[user_authenticated]); > unset($HTTP_GET_VARS[user_authenticated]); > > but that didn't do me any good. Please advise. > > Thank you, > Steve Maroney > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]