I'm not quite sure if this is the perfect way cause I'm pretty new to this
session stuff, too.....
but my version looks like this:
[login.php]
a form with username and password field.
submit --> auth.php
[auth.php]
check if username and password are ok (from a text file or your mysql
database) [yes|no]
[no] -> echo "bad login or password."; exit;
[yes] -> start a session, save username and password in session vars,
redirect to userpage
lets say your userpages look like "aUsername_blah.php"
["aUsername_blah.php"]
include a script on every userpage that checks if login and password are
correct [yes|no]
[no] -> redirect to login.php
[yes] -> display page
comments appreciated :)
.andi
"Arash Dejkam" <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
9guhbf$msi$[EMAIL PROTECTED]
> Hi,
>
> I want to use PHP session manager but I have some problems,
>
> I want the session start in a login page so I do this for example:
>
> after authenticating...
> session_start();
> session_register("username");
>
> then I want the user to be able to see his own pages, what do I have to do
> in those pages?
>
> simply check $username and bring up the user's page ? but this makes it
> possible for any hacker to send a cookie with username and see that page.
I
> know that PHP stores a unique random number for each session but how can I
> check that it matches with the number in the cookie.
>
> help me please I'm really confused !
>
> Thanks
>
> Arash Dejkam
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
