|
|
Posted by JamesBenson on 06/06/05 23:30
I use sessions, I also dont store the users password into the session,
if you use flat file sessions on a shared server then storing the
password should be avoided,
What I do is take a username and password, verify their details against
database, if their details match one in database I simply add their
username to the session, to check if someone is logged in I just check
whether their username exists in the session, if it does I deliver my
protected content but if not I display a login box.
Alessandro Rosa wrote:
> Here's below the solution (the encryption will be shortly performed
> into login.php).
>
> 1 <?php
> 2 session_start();
>
> 3 $_SESSION['session_user'] = $_POST['txtIdUtente'];
> 4 $_SESSION['session_password'] = $_POST['txtPassword'];
>
> 5 $PHPcmd = "login.php" ;
>
> 6 header( "Location: ".$PHPcmd );
> 7 ?>
>
>
> But a QUESTION now :
>
> if line 5 is replaced by these two lines, say here 5a and 5b:
>
> 5a require_once("config.inc.php");
> 5b $PHPcmd = $GLOBALS['gestionale_path_name']."phpcode/login/login.php" ;
>
> this does not work (meaning user and psw are not passed to login.php);
> but again the below code works again:
>
> 5a require_once("config.inc.php");
> 5b $PHPcmd = $gestionale_path_name."phpcode/login/login.php" ;
>
>
> Thanks,
>
> Alessandro
>
Navigation:
[Reply to this message]
|