In an attempt to provide the best way to limit the # of accounts per person, I assumed that this could be accomplished by placing a dummy value only used by the site itself that is the username/encoded password for them on the community, and test if... when searched for in the database, a result set of x is discovered, then they are unable to create another account.
Problem: I would like to possibly utilize a login system (created on the remote server), that would then check their username and password against the CMS database located there, then redirect with that information (encrypted of course), to the local site where the information gets stored in a session. Then when they go to create a new account, it stores the extra verfied information into the database.
However, the issue at hand here is, I'm not sure how secure it would be if I were to say, create a secure login form, verify the data... and then create another pseudo form that directs the person to the local-based site using hidden post variables (this is my original thought on the subject).
Is there another way I could go about doing this (ie, a way that I could identify a user that is almost assuredly never going to change) or is there a more secure way? Or, am I on the right track?
Thanks for any help!
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
