RE: Log-in script help

AceZero2790@xxxxxxx <mailto:AceZero2790@xxxxxxx>
    on Tuesday, January 25, 2005 2:46 PM said:

> I need a pretty basic log in script. Something that people log in
> to, and the page and all linked/related pages cannot be accessed
> unless the person has logged in. So what do I need for this?
> Cookies, sessions both? And where can I learn how?

The basic idea for restricting access goes like this:

A value is set in a cookie on the client's machine if the user
successfully authenticates. The website will not allow access to the
page(s) unless this value is found.

Although this sounds pretty simple, you have to keep in mind it's not
very secure. Since cookies reside on the client's machine, the client
could manipulate the cookie and pretend to be logged in.

The cookie should also identify the user. Unless, of course, you have a
single username/password combo for each user that comes to your site. In
which case you will not need to differentiate between one user and the
next.

I am admittedly not an expert when it comes to security so I'll leave
that up to the other people on this list. I wouldn't want to give bad
advice. (Hopefully I haven't already!)



HTH,
Chris.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
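
Added example, not part of the original message: the cookie-flag check described in the reply next to a server-side session check, where the browser only holds a session ID and cannot assert its own login state. The user store, the cookie name `logged_in`, the page name `login.php` and all function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example; names below are hypothetical, sample data is constructed.

// Constructed user store. A real site would load stored hashes from a database.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Weak check: trusts a value the browser sends and can edit.
function is_logged_in_weak(array $cookies): bool
{
    return ($cookies['logged_in'] ?? '') === '1';
}

// Server-side check: login state lives in the session store, keyed by session ID.
function is_logged_in(array $session): bool
{
    return isset($session['user']) && is_string($session['user']);
}

function try_login(array $users, string $name, string $password, array &$session): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a fresh ID once the user is authenticated
    }
    $session['user'] = $name; // also identifies which user is logged in
    return true;
}

// Guard to call at the top of every protected page, after session_start().
function require_login(array $session): void
{
    if (!is_logged_in($session)) {
        header('Location: login.php');
        exit;
    }
}

// Demonstration with constructed input; runs from the CLI without a web server.
$forgedCookies = ['logged_in' => '1']; // value typed in by the client
$session = [];                         // stands in for $_SESSION
echo 'weak check, forged cookie: ', var_export(is_logged_in_weak($forgedCookies), true), "\n";
echo 'session check, no login:   ', var_export(is_logged_in($session), true), "\n";
echo 'login, wrong password:     ', var_export(try_login($users, 'alice', 'nope', $session), true), "\n";
echo 'login, right password:     ', var_export(try_login($users, 'alice', 'correct horse', $session), true), "\n";
echo 'session check, after login: ', var_export(is_logged_in($session), true), "\n";
```

On a real page, call `session_start()` first and pass `$_SESSION` and `$_COOKIE` in place of the constructed arrays.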


