Hey Andrew...
IN MY OPINION... forget the cookies... only use php sessions... but
like I said IMO.... you can never rely on the end user having them
cookies enabled... same with things like javascript...
let me outline some steps for you... everyone else... feel free to
state pros and cons to theses.. cause i always make mistakes, or
forget things :o)
1. get the user's access info... ie username & password
2. look for the user in the database that stores the access infro
3. if access is granted, I usually set 2 session variables
a. $_SESSION['auth'] = TRUE // They are authorized
b. $_SESSION['user_id'] = {who} // Who is it
a. $_SESSION['user_level'] = {level} // What level access do
they have (optional)
4. at the beginning of each restricted access page, verify that they
are authorized to access that page... if they are not redirect them to
a access denied page.
that should get you started... maybe the second step would be to make
this stuff into functions... ... also, IMO.. it's a good idea to make
a logout script that will distroy that user's active session... not
sure what your PHP experience is... but hopefully the above steps will
help you out some..
Cheers!
Joe
On 25 Jan 2005 17:35:08 -0600, Bret Hughes <bhughes@xxxxxxxxxxxxx> wrote:
> On Tue, 2005-01-25 at 16:45, AceZero2790@xxxxxxx wrote:
> > Hey,
> > I need a particular type log in script. I'm not sure how to do it or
> > where I could find a tutorial that would help me, so I'll describe what I need
> > and then maybe someone could tell me what kind of script I need (sessions or
> > whatever) and where I could get the script/learn how to make it.
> > I need a pretty basic log in script. Something that people log in to,
> > and the page and all linked/related pages cannot be accessed unless the person
> > has logged in.
> > So what do I need for this? Cookies, sessions both? And where can I
> > learn how?
> >
> > -Andrew
>
> I use the pear auth package and like it alot. I know I did some
> modification for our purposes but I suspect it works out of the box.
>
> All you do is include auth.php on all pages you want to protect and it
> will direct you to a login page if you have not logged in. Pretty cool
> stuff.
>
> http://pear.php.net/package/Auth
> HTH
>
> Bret
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
