On Wed, 2008-10-08 at 11:52 -0700, Bernhard Kohl wrote:
> <?php
> # I would recommend using the include method. Redirects should always
> # be second choice, because they are just evil.
> # Example code below
> $password = md5('swordfish');
> $user = 'Trucker Joe';
> # Strict comparison (===) so PHP does not type-juggle the two strings
> if ($_POST['user'] === $user && md5($_POST['password']) === $password) {
>     include_once('login_successful.php');
> } else {
>     include_once('login_failed.php');
> }
> # Some may also hash the user to prevent injection
> # http://us.php.net/manual/en/function.include.php
> # http://en.wikipedia.org/wiki/Code_injection#PHP_Injection
> ?>
>
Also, generally speaking, it is a good idea to verify a user against
their $_SESSION on every page to verify that they have gone through the
login procedure and not just gone directly to a URL in the site.
Ash
www.ashleysheridan.co.uk
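
The per-page $_SESSION check suggested above, as an added example that is not part of the original thread. The function names, the auth_user/auth_time session keys, the file name auth_guard.php and the 30-minute idle limit are assumptions; login_failed.php is the file from the quoted code.

```php
<?php
// auth_guard.php (hypothetical name): added example, not code from the thread.
// require_once this file at the top of every protected page.

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Call once, from the branch that includes login_successful.php.
function mark_logged_in(string $user): void
{
    // Issue a fresh session ID after authentication so an ID handed out
    // before login cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['auth_user'] = $user;   // assumed key name
    $_SESSION['auth_time'] = time();  // assumed key name
}

// True only if this session went through mark_logged_in() and is not stale.
function is_logged_in(int $maxIdleSeconds = 1800): bool
{
    if (!isset($_SESSION['auth_user'], $_SESSION['auth_time'])) {
        return false;                 // URL requested directly, no login
    }
    if (time() - $_SESSION['auth_time'] > $maxIdleSeconds) {
        $_SESSION = [];               // idle too long: drop the login state
        return false;
    }
    $_SESSION['auth_time'] = time();  // sliding idle timeout
    return true;
}

// Guard for protected pages: show the failure page and stop rendering.
function require_login(): void
{
    if (!is_logged_in()) {
        http_response_code(403);
        include 'login_failed.php';
        exit;
    }
}
```

A protected page then starts with `require_once 'auth_guard.php'; require_login();` before it produces any output, and the login script calls `mark_logged_in($user)` just before including login_successful.php.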