|
|
Posted by Dave Nash on 12/17/06 22:26
On Fri, 15 Dec 2006 10:02:59 +0100, "J.O. Aho" <user@example.net>
wrote:
>Dave Nash wrote:
>> On Fri, 15 Dec 2006 16:31:28 +1000, "Vince Morgan"
>
>
>> Ive setup up a link to grab the userid variable on the index page once
>> logged in, but it doesnt seem to work.
>
>You need to store the userid to the session (assuming u_name is unique)
>
>$query="SELECT userid FROM users WHERE u_name='{$_SESSION['userid']}'";
>$row=mysql_fetch_array($query);
>$_SESSION['userid']=$row['userid'];
>
>> <?php echo"<a href=\"file.php?userid=" . $_SESSION['userid'] . "\"
>> class=\"a\">Link</a>"; ?>
>
>As you know whom your user is ($_SESSION), you don't need to pass the userid
>over a link, you could just make
>
><a href="file.php" class="a">Link</a>
>
>as in the file.php you can easily just check if the the $_GET/$_REQUEST has
>the userid or not.
>
>/* Assumes you stored the userid to the session, else you need to fetch it
>from the db before storing it to the $userid */
>if(!isset($_REQUEST['userid'])) {
> $userid=$_SESSION['userid'];
>} else {
> $userid=$_REQUEST['userid'];
>}
>
>> but when I use the u_name variable it works fine.
>>
>> <?php echo"<a href=\"file.php?u_name=" . $_SESSION['u_name'] . "\"
>> class=\"a\">Link</a>"; ?>
>>
>> This is my query.
>> "select userid from users
>> where u_name='" . $_SESSION['u_name'] . "' and p_word='" .
>> $_SESSION['p_word'] . "'"
>
>IMHO it's not good to store passwords in a session, the session can be
>readable for the wrong persons on the web server and those someone can get the
>passwords. I wouldn't store passwords as plain text in a database for the same
> reason, MD5() is a good function in the SQL and PHP, store the password in
>MD5 format in the database.
This has totally lost me.
Is this option in replace of the following login script.
// query for a user/pass match
$result=mysql_query("select userid from users
where u_name='" . $_SESSION['u_name'] . "' and p_word='" .
$_SESSION['p_word'] . "'");
[Back to original message]
|