pp wrote: > > My idea: If the user doesn't have a midgard account, store username and > > pawd as preferences. But then, the passwords will not be encrypted. > > So what? > I use something like: > > 1. send cookie > 2.create user > 3. create user topic where name = cookie, with pass plain text in some field > > All is piece of cake: > 1.check what cookie is > 2. mgd_get_topic_by_name (id, cookie); > 3. $user = $topic->creator; > 4. Hello! $user!!! > (stupid man , he thinks he is logged) ;) > 5. bla bla user watch some > 6. oh! user wants to add something > 7. ok let's mgd_auth_midgard($user->username$SG, $topic->field,0). > 8. OK some changes made > 9. unset user
And mine: if something needs an authorized user, and $user var is not set: please log in (with 403 message, or a simple form). Evaluate, then set $user session variable. If I check that the variable is in the PHP_SESSION_VARS[], then I think it is a quite safe method to log in the user. Correct me if it is not... Fery --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
