On Thu, 29 May 2008 14:20:02 -0600 (MDT)
"DeadTOm" <deadtom@xxxxxxxxxxxx> wrote:

> So the user comes to the site and they're presented with a log in
> page. They enter their username and password and php checks a mysql
> database for a matching username and password.
> In the case of a match, php then sets a cookie on their browser with a
> value of 1 for authenticated and 0 for not authenticated. Every
> subsequent page the user views checks the status of this cookie and
> if it's a zero it kicks them back to the log in page. This cookie
> expires in 5 days and after that they'll have to log in again.
> I'm aware that this is terribly easy to circumvent by
> creating/modifying a cookie with the 1 value and the site thinks
> you've passed muster. What is a better way of doing this?
>
> --
>
> DeadTOm
> http://www.mtlaners.org
> deadtom@xxxxxxxxxxxx
> A Linux user since 1999.
>
>
>

Sessions.

http://php.net/manual/en/ref.session.php

--
Greg Maruszeczka

http://websagesolutions.com
skype: websage.ca
googletalk: gmarus

"Those who are possessed by nothing possess everything."
-- Morihei Ueshiba

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
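
The session-based approach suggested in the reply, as an added example that is not code from either poster: the browser holds only an opaque session ID, and the "authenticated" state lives in `$_SESSION` on the server. It assumes PHP 7.3 or later and an HTTPS site; the inline `$users` array is a constructed stand-in for the MySQL table, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Sample data is constructed; a real site would query its users table.
declare(strict_types=1);

const SESSION_LIFETIME = 5 * 24 * 3600; // the thread's 5-day login window

// Constructed sample account (stand-in for the MySQL users table).
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function start_session(): void {
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME); // keep data 5 days
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'httponly' => true,   // session ID not readable from JavaScript
        'secure'   => true,   // assumption: site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(array $users, string $name, string $password): bool {
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // fresh ID at login prevents session fixation
    $_SESSION['user'] = $name;        // stored server-side, never sent to the browser
    $_SESSION['login_time'] = time();
    return true;
}

function current_user(): ?string {
    $age = time() - ($_SESSION['login_time'] ?? 0);
    if (!isset($_SESSION['user']) || $age > SESSION_LIFETIME) {
        return null;                  // caller sends the visitor to the login page
    }
    return $_SESSION['user'];
}

start_session();
$_COOKIE['authenticated'] = '1';      // forged flag cookie from the thread: ignored
$before = current_user();
$bad    = login($users, 'alice', 'wrong');
$good   = login($users, 'alice', 'correct horse');
var_dump($before, $bad, $good, current_user());
```

Each protected page would call `start_session()` first and redirect to the login page when `current_user()` returns null.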