In a revised scheme for a customer I'm doing # 3. User can come into any page, a bit of PHP at the top does this: starts session registers "origin" assigns PHP_SELF to $origin checks to see if another session var is set and directs to logon page if not if( !session_is_registered( "member_id" ) ) { header("Location: logon.php\n")};
Where they are logged on and member_id is set. There's nothing magic about member_id, it's simply a token and has no content. After authentication the user is returned, via a header command, like so: header("Location: $origin"); If authentication fails they loop on the logon page, which has links to a registration and lost my password forms. The neatest part of this is that any page can be protected from unauthorized viewing merely adding a bout 6 lines of code at the top and saving it with a php rather than html extension. Regards - Miles Thompson http://www.cqagroup.ca At 12:47 PM 12/4/2001 -0500, Jim wrote: >There are many different ways to do this ... > >1. Have the same PHP script that validates generate the login page. This >way the script always has the correct data and you don't need to pass anything. > >2. Header("Location: login.php?err=$err&user=$user&pass=$pass"); >This will work, but the bad password will be visible in the query string. > >3. Start a session at the login page and register the variables you need >to use on the login page. > >Jim > > > > >>Hi, >> >>I wonder if someone could tell me whether or not the following is >>possible? >> >>I have an HTML form which passes a username and password to a PHP script >>for validation. If either is not valid, I would like it to return to the >>previous page - carrying with it a variable plus the submitted form >>information... >> >>=-=-=-=-=-=-=-=-= >>if (strlen ($password1) <4 ) { >> $err = "Password must be more than 4 characters long"; >> header("Location:http://somelocation.php"); >> // ^-- at the location, the $err and form variables will be available >> >> exit; >>} >>=-=-=-=-=-=-=-=-= >> >>Is it possible to this without using an HTML form? >> >>Thanks very much in advance. >> >>- Best regards, >> >>Lee >> >> >>-- >>PHP General Mailing List (http://www.php.net/) >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >>To contact the list administrators, e-mail: [EMAIL PROTECTED] > > >-- >Jim Musil >--------- >Multimedia Programmer >Nettmedia >------------- >212-629-0004 >[EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]