To protect certain web pages on my site, I am using the following code inserted at the very beginning (top) of the page:
<?php include_once( 'init.php'); if( isset( $HTTP_SESSION_VARS['session_id'] ) == FALSE || isset( $HTTP_SESSION_VARS['username'] ) == FALSE ){ header( 'Location: '.MEMBER_LOGIN_PAGE ); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> ... Dreamweaver template code here... </html> Is this a recommended way of doing this? Next, to initialize the session, a login page posts the username - password information to a PHP script, check_login.php. The login info is checked against a database and, if all is kosher, a new session is created and the user is dispatched to the site's home page. Here's the relevant code: <?php include_once( 'init.php'); ... $username = trim($HTTP_POST_VARS['username']); $password = trim($HTTP_POST_VARS['password']); ... if username and password check out, initialize a session... $HTTP_SESSION_VARS['username'] = $username; $HTTP_SESSION_VARS['session_id'] = crypt( $password ); header( 'Location: '.SITE_HOME_PAGE ); ... ?> Does this make sense? Am I missing something? Any review, advice, etc., would be much appreciated. Cheers, Michael -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php