On Tue, 13 Mar 2001, Michael Fork wrote: ->not if the include file ends with a .php -- since it is in <? ?>, anybody ->acessing the file from a web browser would not be able to see it. I misunderstood, I thought you meant that you would put that code in an included file. Which anybody could get at. However the code being hidden doesn't change that I could look for a cookie from your domain, see it's value, and still create another cookie. What you're all looking for is a *session based* authentication system. PHP does this, and you can do it yourself if you have a database set up. -- Dave ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your message can get through to the mailing list cleanly
