RE: [PHP] PHP authenticating and session management

Fri, 22 Jun 2001 10:59:42 -0700 

Does this depend on cookies?

regards,
jaxon


> -----Original Message-----
> From: Style|warrioR [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 22, 2001 5:09 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] PHP authenticating and session management
>
>
> I'm not quite sure if this is the perfect way cause I'm pretty new to this
> session stuff, too.....
> but my version looks like this:
>
> [login.php]
> a form with username and password field.
> submit --> auth.php
>
>
> [auth.php]
> check if username and password are ok (from a text file or your mysql
> database) [yes|no]
> [no] -> echo "bad login or password."; exit;
> [yes] -> start a session, save username and password in session vars,
> redirect to userpage
>
>
> lets say your userpages look like "aUsername_blah.php"
>
>
> ["aUsername_blah.php"]
> include a script on every userpage that checks if login and password are
> correct [yes|no]
> [no] -> redirect to login.php
> [yes] -> display page
>
>
> comments appreciated :)
> .andi
>
>
>
>
>
>
> "Arash Dejkam" <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
> 9guhbf$msi$[EMAIL PROTECTED]
> > Hi,
> >
> > I want to use PHP session manager but I have some problems,
> >
> > I want the session start in a login page so I do this for example:
> >
> > after authenticating...
> > session_start();
> > session_register("username");
> >
> > then I want the user to be able to see his own pages, what do I
> have to do
> > in those pages?
> >
> > simply check $username and bring up the user's page ? but this makes it
> > possible for any hacker to send a cookie with username and see
> that page.
> I
> > know that PHP stores a unique random number for each session
> but how can I
> > check that it matches with the number in the cookie.
> >
> > help me please I'm really confused !
> >
> > Thanks
> >
> > Arash Dejkam
> >
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to