Env: Apache
1.3.x/php4.0.6/mysql3.23.x
Scenario: I have built a system that uses PHP
sessions for user access. Within the system I send user notifications via
email. Within the email are links to certain pages with
variables. For example.
My system checks to see if the session is
valid. Since the user is coming from an email. There is no
session. So the user is prompted for the user and password. They
enter and click submit. The authentication passes the user to right page,
but losses the variables in the query string. Thus causing
errors.
Here is the authentication code...
#### set session settings from login form
if (!session_is_registered("valid_user") && $session_login=="proc") { if ($userid && $password) { // if the user has just tried to log in $db_conn =
mysql_connect("localhost");
mysql_select_db("$dbname", $db_conn); $query = "select * from auth_users " ."where auth_username='$userid' " ." and auth_password='$password' "; $result = mysql_query($query, $db_conn); if (mysql_num_rows($result) >0 ) { // if they are in the database register the user id $valid_user = $userid; $valid_group=mysql_result($result,0,"auth_group"); $valid_perms=mysql_result($result,0,"auth_perms"); $valid_auth_id=mysql_result($result,0,"auth_id"); session_register("valid_user"); session_register("valid_group"); session_register("valid_perms"); session_register("valid_auth_id"); } else { $invalid_login= "Invalid login: Could not log you in... <!--ERROR: $dbname <P> $query-->"; } } } Any Ideas on how to pass the query string variables
through the authentication process?
|
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php