Yes, but unless you're doing something like a shopping cart, php sessions are probably overkill.
For this all that he needs to do is have a login box that checks to see if the username/password are ok, and saves them in a cookie if they are. then at the top of every script you load the user's preferences if the cookie is there and set a variable ($preferences maybe). Then, if $preferences is there, you show the edit button. On Wed, 21 Nov 2001 12:14:09 -0800, Fred wrote: >I agree, if you want to do anything special with logins do not rely >on >htaccess, write your own auth scripts. On the other hand, I would >not >recommend using cookies either, unless it is in conjuntion with >sessions. >PHP has great session management funtions and they should be used at >the >exclusion of other authenitication methods. > >There are plenty of tutorials and scripts for this out there, but >the basic >steps work like this: > >1. start a session at the top of every page >2. put a login form on at least one page >3. when a user logs in, register the username with the session >4. check for the username before displaying the edit buttons > >Fred > > >Mark <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >using apache to do the authorization is the cheap and easy way. If >you want something more advanced you should use a cookie. There's >probably tons of sample code on phpbuilder.com > > >On Wed, 21 Nov 2001 11:30:49 -0700, Nelson Goforth wrote: >>In my project I have basic HTML pages with PHP/MySQL driven content. >>In a subdirectory I have pages that allow users to change the >>content >>of the pages and other administrative functions. This subdirectory >>is protected with Apache mod_auth. >> >>What I would like to do is allow authorized users to see an "Edit" >>button on each page in the main directory, which would allow them to >>update a page right from the page itself - rather than going into >>the >>admin subdirectory to do it. >> >>I can drive the display of an "Edit" link from the REMOTE_USER >>environmental variable, but how can I allow the authorized users to >>log in, while STILL allowing unfettered access by the public? If >>they log in under the subdirectory that log in name doesn't carry >>back up to the top directory (I tried), even if I name the realm the >>same using the AuthName directive in .htaccess . >> >>I found some basic information in the book "Professional PHP >>Programming", but could someone point me to another resource that >>might give a bit more detail? >> >>Thanks, >>Nelson >> > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]