that was very helpful...Thank you. One question I have is that I want to ensure that my admin page cannot get accessed unless a variable that was registered upon a successful login has been passed into the session...what can I do to ensure this?
There are several ways to do this. The simplest way is to authenticate once and store a authentication flag in the session. You can set this authentication flag to true if the log-in was sucesfull.
On the administration page, you an just access the flag to see if the user is permitted (i.e. logged on). You can do this using the $_SESSION super global, something like this:
(pseudo php code) login.php
...
if ( authentication sucessfull ) /* username/password matched*/
{
$_SESSION['auth'] = true;
// redirect to admin page
}
else
{
Display login page with error.
}
...
admin.php
...
if ( $_SESSION['auth'] )
{
Show administration page.
}
else
{
Display login page with error.
}
...-----
NB: Make sure you use Header() redirects BEFORE your scripts prints anything. Otherwise you'll keep getting the warning/error "Warning: Cannot modify header information ..."
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
