I have a weblog type script I'm building for a friend where there are main posts then comments - Registered users can post comments, unregistered don't even have the option. I was thinking of making a page where a user logs on, then it registers a session with a few variables like $sid, $username, etc.
IF a user is logged on, they can post, if not they don't even see the option. Instead of doing a SQL query everytime they look at the posts, I was thinking of registering a variable called like $true where if they're logged on, it's set, and if it's set they see the option to post. The only thing I'm worried about though is that someone could probably figure out to type in something like comments.php?true=1 and that would allow anonymous posting, which I don't want. Is there anyway to set a variable that can't be set in a query string? Or, is there even a better way of doing something like this? Sorry if I don't make much sense in this question, explaining what a script is supposed to do is kind of difficult for me :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
