I use sessions, I also dont store the users password into the session,
if you use flat file sessions on a shared server then storing the
password should be avoided,
What I do is take a username and password, verify their details against
database, if their details match one in database I simply add their
username to the session, to check if someone is logged in I just check
whether their username exists in the session, if it does I deliver my
protected content but if not I display a login box.
Alessandro Rosa wrote:
Here's below the solution (the encryption will be shortly performed
into login.php).
1 <?php
2 session_start();
3 $_SESSION['session_user'] = $_POST['txtIdUtente'];
4 $_SESSION['session_password'] = $_POST['txtPassword'];
5 $PHPcmd = "login.php" ;
6 header( "Location: ".$PHPcmd );
7 ?>
But a QUESTION now :
if line 5 is replaced by these two lines, say here 5a and 5b:
5a require_once("config.inc.php");
5b $PHPcmd = $GLOBALS['gestionale_path_name']."phpcode/login/login.php" ;
this does not work (meaning user and psw are not passed to login.php);
but again the below code works again:
5a require_once("config.inc.php");
5b $PHPcmd = $gestionale_path_name."phpcode/login/login.php" ;
Thanks,
Alessandro
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
