insted of
if ( $isloggedin )
user logged in
do
if ( $HTTP_SESSION_VARS['isloggedin'] )
user is logged in
--
Chris Lee
[EMAIL PROTECTED]
"Steve Maroney" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>
> Hey guys,
>
> I know this has been brought up several times but can't find it in the
> archives of this list.
>
> I have some PHP 4 scripts that check the value of a "logged in" variable.
> if the user authenticates him/her self, then the "logged in" variable gets
> set and registered with the session. How can I stop some evil person from
> passing that variable to my script using GET or POST methods ?
>
> I tried:
> $HTTP_POST_VARS[user_authenticated] = "";
> $HTTP_GET_VARS[user_authenticated] = "";
>
> and:
> unset($HTTP_POST_VARS[user_authenticated]);
> unset($HTTP_GET_VARS[user_authenticated]);
>
> but that didn't do me any good. Please advise.
>
> Thank you,
> Steve Maroney
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
