At 22:56 13.03.2003, Dalibor Malek said:
--------------------[snip]--------------------
>The function is pretty simple. In this page is a form where the user can 
>enter his username and password; when he clicks on submit the script 
>checks the input with the entries in the database. If it's ok the script 
>sends him to the page info.php; if it's not ok he comes to the page 
>index_fault.php.
>This is all functioning but my problem is I have to paste at least the 
>username to the page info.php.
>If I set the action to info.php and use $HTTP_GET_VARS it's functioning 
>but I can't use that action, I need <?php echo $FF_LoginAction?> to verify 
>the user.
>As far as I know I can't use two actions.
>Has anybody an idea how to do that? I'm sitting on this page now for 30 
>hours without break but I just don't get it.
--------------------[snip]-------------------- 

<rant mode>

Please don't take this personally but I dislike this approach to allow a
user to access some information he has to validate for. As soon as a user
gets to know that he can access the info page just by entering the
"info.php" URL, maybe together with a user ID as parameter, he will do that
(at least he can bookmark the location he should login to). This is
completely against the general idea of authentication...

What I'd do is to validate the user, set up a session where the user id is
stored (which is server side anyway), then branch to different sections of
my app, not by means of redirect but by including() the necessary code.

</rant mode>

You may pass the user token to the next page in two different ways:
(a) pass them as query parameter (see rant above):
    header ("Location: $FF_redirectLoginSuccess?" .
            "mmu=" . urlencode($MM_UserName) . "&" .
            "mma=" . urlencode($MM_UserAuthorization));
(b) just more secure and elegant is simply handing over the session:
    header ("Location: $FF_redirectLoginSuccess?" .
            session_name() . '=' . session_id());

The latter of course will only work if it's the same host, and the same
machine so PHP will have access to the session data in question.


-- 
   >O     Ernest E. Vogelsinger
   (\)    ICQ #13394035
    ^     http://www.vogelsinger.at/
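
The session-based approach described in the reply above, as an added example that is not part of the original message: a single entry script validates the login, stores the user id in the server-side session, and only then emits the info section, so requesting it without a valid session shows the login form. The names `$USERS`, `login()`, `render_info()` and `render_login()` are hypothetical, the credential store is constructed sample data, and the session id is carried in a cookie rather than in the URL.

```php
<?php
// Added example. The render_*() functions stand in for the files the
// application would include() for each section.
ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue
session_start();

// Constructed sample credential store; a real application queries its database.
$USERS = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? '';             // unknown user: empty hash never verifies
    if (!password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);             // fresh id once the user is authenticated
    $_SESSION['user'] = $name;               // identity lives server side only
    return true;
}

function render_info(string $user): void
{
    echo 'Info page for ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
}

function render_login(bool $failed): void
{
    if ($failed) {
        echo '<p>Login failed.</p>';
    }
    echo '<form method="post"><input name="username">'
       . '<input type="password" name="password"><button>Log in</button></form>';
}

$failed = false;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    $failed = !(is_string($name) && is_string($pass) && login($USERS, $name, $pass));
}

// Branch on session state, not on anything the client can put in the URL.
if (isset($_SESSION['user'])) {
    render_info($_SESSION['user']);
} else {
    render_login($failed);
}
```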


