I'm tring to get a login system going using PHP3 and MySQL. I'll have two
tables -- one containing the username and passwords of each user plus a
variable called Access which will hold what other parts of the scripts
they'll have access to and another containing the actual logged in sessions.
I'm trying to do this without using cookies so I'll be passng $sess_id
around by get and post.
These are my notes of what I'm thinking. Does anybody see any major
problems with this?
1. If $sess_id doesn't exist, check for a username/password combination.
a. if username/password exist, check validity
i. if not valid, display error message/login
b. if username/password doesn't exist
i. display login.
c. if username/password exist and valid (MySQL table check)
i. create session id
ii. find REMOTE_ADDR
iii. fetch user information (Access, etc).
iv. serialize REMOTE_ADDR, userinformation for table
v. store session id, serialized information, and timestamp in
sessions table.
iv. continue
2. If $sess_id does exist, check table for session information.
a. if session exists
i. pull serialized data
ii. find REMOTE_ADDR and compare to current.
!. if not correct, display login
iii. update timestamp in session table
iv. continue
b. if session doesn't exist
i. display login.
Joel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
